Professional Documents
Culture Documents
D58682GC10
Edition 1.0
July 2009
D61315
Authors
Shankar Raman
Disclaimer
Technical Contributors
and Reviewers
Werner Bauer
Mike Blevins
Steve Button
David Cabelus
Shailesh Dwivedi
Will Hopkins
Bala Kothandaraman
Mike Lehmann
Serge Moiseev
Nagavalli.Pataballa
TJ Palazzolo
Holger Dindler Rasmussen
Anand Rudrabatla
Matthew Slingsby
Graphic Designer
Priya Saxena
Editors
Aju Kumar
Nita Pavitran
Raj Kumar
Publishers
Jobi Varghese
Pavithran Adka
Steve Friedberg
Contents
Introduction
Objectives I-2
Course Prerequisites I-3
Course Objectives I-4
Course Schedule I-6
Facilities in Your Location I-8
Summary I-9
iii
Preface
vi
viii
10 Deployment Concepts
Objectives 10-2
Road Map 10-3
Overview of Deployment 10-4
What Is Deployed? 10-5
Deployment Process 10-7
Deployment Methods 10-8
Deployment Tools 10-9
Console Deployment Method 10-10
Console Deployment Production Mode 10-11
Preparing a New Application 10-12
Preparing a New Application: Targeting 10-13
Preparing a New Application: Settings 10-14
Deploying or Undeploying Applications 10-15
Redeploying an Application 10-16
ix
12 Advanced Deployment
Objectives 12-2
Road Map 12-3
What Is a Deployment Plan? 12-4
Configuring an Application for Multiple Deployment Environments 12-5
Sample Deployment Plan 12-7
Creating a Deployment Plan 12-8
Creating a New Deployment Plan 12-10
weblogic.PlanGenerator 12-11
Using the Administration Console to Generate a Deployment Plan 12-12
Modifying and Saving Data to Create a New Plan 12-13
New Deployment Plan Shows Changed Values 12-14
Using an Existing Deployment Plan to Configure an Application 12-15
Using an Existing Deployment Plan 12-17
Generic File-Loading Overrides 12-18
Directory Structure for Easier Production Deployment 12-19
Performing a Sanity Check in Production Without Disruption to the Clients 12-20
xi
15 Introduction to Clustering
Objectives 15-2
Road Map 15-3
What Is a Cluster? 15-4
Benefits of Clustering 15-5
What Can Be Clustered 15-6
Proxy Servers for HTTP Clusters 15-7
High Availability for EJBs 15-8
Clustering EJB Objects: Replica-Aware Stub 15-9
EJB: Server Failure Situations 15-10
Load-Balancing Clustered EJB Objects 15-11
Stateless Session Bean Failover 15-12
Road Map 15-13
Selecting a Cluster Architecture 15-14
Cluster Architecture 15-15
Basic Cluster Architecture 15-16
Basic Cluster Architecture: Advantages and Disadvantages 15-17
Multitier Cluster Architecture 15-18
Multitier: Advantages and Disadvantages 15-19
Basic Cluster Proxy Architecture 15-21
Multitier Cluster Proxy Architecture 15-22
xiv
16 Configuring a Cluster
Objectives 16-2
Road Map 16-3
Preparing Your Environment 16-4
Hardware 16-5
IP Addresses and Host Names 16-6
Cluster Address 16-7
Road Map 16-8
Methods of Configuring Clusters 16-9
Creating a Cluster by Using the Administration Console 16-10
Setting Cluster Attributes 16-12
Configuring Cluster Communication 16-13
Adding Cluster Members: Option 1 16-14
Adding Cluster Members: Option 2 16-15
Creating a Cluster with the Configuration Wizard 16-16
Clusters and the Configuration Wizard 16-17
Clusters and WLST 16-18
Creating a Cluster Using the Cluster MBean 16-19
Synchronization When Starting Servers in a Cluster 16-20
Configuring OHS as Proxy Server 16-22
Starting and Stopping OHS Manually 16-23
Verifying Access Through OHS 16-24
Quiz 16-25
Summary 16-26
Practice 16 Overview: Configuring Clusters 16-27
xv
17 Managing Clusters
Objectives 17-2
Road Map 17-3
Deploying Applications to a Cluster 17-4
Two-Phase Deployment 17-5
Considerations for Deploying to Cluster 17-6
Production Redeployment in a Cluster 17-7
Road Map 17-8
HTTP Session State Replication 17-10
HTTP Session: In-Memory Replication 17-11
In-Memory Replication 17-14
Requirements for In-Memory Replication 17-15
Configuring In-Memory Replication 17-16
HTTP Session: Replication Using JDBC 17-18
HTTP Session Replication Using JDBC 17-19
Configuring JDBC Replication 17-20
JDBC Persistent Table Configuration 17-21
HTTP Session Replication Using File 17-23
Configuring File Replication 17-24
Replication Groups 17-26
Configuring Replication Groups 17-28
Failover with Replication Groups 17-29
HTTP State Management Best Practices 17-30
Road Map 17-31
Configuring EJB Clustering in Deployment Descriptors 17-32
Configuring EJB Clustering Using the Administration Console 17-33
Configuring Clusterable Stateless Session EJBs 17-34
Clusterable EJBs: Idempotent Methods 17-35
Stateful Session Beans 17-36
Configuring Clusterable Stateful Session EJBs 17-37
Read/Write Versus Read-Only 17-38
Entity Bean Cluster-Aware Home Stubs 17-39
EJB Best Practices 17-40
Quiz 17-41
Summary 17-45
Practice 17: Overview Managing Clusters 17-46
xix
Preface
Profile
Before You Begin This Course
Before you begin this course, you should be able to
Issue basic UNIX user-level commands
Perform UNIX desktop navigation tasks
Describe basic XML concepts
Describe basic TCP/IP networking client/server concepts
How This Course Is Organized
Preface - 3
Related Publications
Oracle Publications
Title
Part Number
Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server 11g
Release 1 (11.1.1)
E10144-01
Additional Publications
System release bulletins
Installation and users guides
read.me files
International Oracle Users Group (IOUG) articles
Oracle Magazine
Preface - 4
Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache 11g
Release 1 (11.1.1)
E10143-01
Typographic Conventions
The following two lists explain Oracle University typographical conventions for
words that appear within regular text or within code samples.
1. Typographic Conventions for Words Within Regular Text
Convention
Object or Term
Example
Courier New
User input;
commands;
column, table, and
schema names;
functions;
PL/SQL objects;
paths
Log in as scott
Initial cap
Triggers;
Assign a When-Validate-Item trigger to
user interface object the ORD block.
names, such as
button names
Click the Cancel button.
Italic
Titles of
courses and
manuals;
emphasized
words or phrases;
placeholders or
variables
Lesson or module
titles referenced
within a course
Quotation marks
Preface - 5
Enter 300.
Convention
Object or Term
Example
Uppercase
Commands,
functions
SELECT employee_id
FROM employees;
Lowercase,
italic
Syntax variables
Initial cap
Forms triggers
Lowercase
Column names,
table names,
filenames,
PL/SQL objects
. . .
OG_ACTIVATE_LAYER
(OG_GET_LAYER ('prod_pie_layer'))
. . .
SELECT last_name
FROM
employees;
Bold
Preface - 6
Objectives
Scenario
The Medical Records application needs to store data in a relational database. The application
programmers do not have experience with the particular database vendor that you have chosen, but
are familiar with SQL from another vendor. They want to isolate the vendor- and platform-specific
commands and write generic SQL that would work against any kind of relational database.
Eventually, they plan to migrate to Oracle Database, and would like to preserve all of their work now
as being vendor-agnostic.
Objectives
Road Map
Overview of JDBC
Data sources
Monitoring and testing data sources
JDBC Review
Application
Get connection
Perform SQL
JDBC
driver
DB
JDBC Review
The JDBC API is a natural Java interface for working with SQL. It builds on Open Database
Connectivity (ODBC) rather than starting from the beginning, so programmers familiar with ODBC
find it very easy to learn.
The value of JDBC lies in the fact that an application can access virtually any data source and run on
any platform with a Java Virtual Machine (JVM). That is, with JDBC, it is not necessary to write one
program to access a Sybase database, another to access an Oracle database, another to access an IBM
DB2 database, and so on. You can write a single program using the JDBC API. Because the
application is written in Java, you need not write different applications to run on different platforms,
such as Windows and Linux.
JDBC accomplishes database connections by using a driver mechanism that translates the JDBC calls
to native database calls. Although most available drivers are fully written in Java (Type 4) and are
thus platform-independent, some drivers (Type 2) use native libraries and are targeted to specific
platforms.
Oracle WebLogic Server includes several Type 4 JDBC drivers, which are compliant with the JDBC
3.0 specification. In addition, the Type 4 drivers support the following JDBC 4.0 specification
features:
Connection validation
Client information storage and retrieval
Auto-load driver classes (when using Java Platform, Standard Edition 6 (Java SE 6)
Oracle WebLogic Server 11g: Administration Essentials 13 - 4
Data source
Pool
App
App
App
JNDI lookup
Get connection
Perform SQL
Connection
Connection
Connection
DB
Connection
JDBC driver
Data sources:
Enable database connectivity to be managed by the
application server
Are obtained by applications from the servers JNDI tree
Use a dynamic pool of reusable database connections
Multi-Tier Architecture
Client
Java applet or
Java DBMS client
Server
Data source
DBMS
Multi-Tier Architecture
The middle tier makes it possible to maintain control over access and the kinds of updates that can be
made to corporate data. Another advantage is that it simplifies the deployment of applications.
Finally, in many cases, the multi-tier architecture can provide performance advantages.
Until recently, the middle tier has typically been written in languages such as C or C++, which offer
fast performance. However, with the introduction of optimizing compilers that translate Java
bytecode into efficient machine-specific code and technologies, such as Enterprise JavaBeans, the
Java platform is fast becoming the standard platform for middle-tier development. This is a big plus,
making it possible to take advantage of Javas multithreading and security features.
With enterprises increasingly using the Java programming language for writing server code, the
JDBC API is being used more and more in the middle tier of a three-tier architecture. Some of the
features that make JDBC a server technology are its support for connection pooling, distributed
transactions, and disconnected rowsets. The JDBC API is what allows access to a data source from a
Java middle tier.
Type 4 Drivers
Type 4 drivers are all-Java driver implementations that do not
require client-side configuration.
Java app
DBMS
JDBC API
JDBC driver
Type 4 Drivers
A Type 4 driver is a database driver that is written in 100% pure Java. Drivers that are written in Java
have all the performance benefits because they do not have the extra layers between the program and
the database. They can operate on any platform and can be downloaded from a server (when using an
applet, for example). Because the driver can be downloaded from a server, the client machine does
not require preconfiguration of a native driver. This preconfiguration is why the Type 1, 2, and 3
drivers are now deprecated. All that remains is Type 4 drivers.
Client
Road Map
Overview of JDBC
Data sources
Describing a data source and how it works
Using the Administration Console to create a data source
DataSourceA
: Connection
: Connection
DBMS
: Connection
Component
: Connection
DataSourceB
IDEs and other tools can validate the JDBC modules based
on the schema.
Lookup
data source
Managed server
Connection
pool
3 getConnection()
Data source
Return connection
JNDI
DBMS
Connection
5 Database access
Notice non-XA
Non-XA Configuration
Non-XA Configuration
If you selected a non-XA JDBC driver, you are presented with two transaction options: Supports
Global Transactions and Supports Local Transactions. If you select the non-XA option, WebLogic
can use several alternative strategies to emulate XA on your non-XA driver.
Sample schemas
Test Configuration
On the Test Database Connection page, review the connection parameters and click Test
Configuration. WebLogic attempts to create a connection from the Administration Server to the
database. Results from the connection test are displayed at the top of the page. If the test is
unsuccessful, you should correct any configuration errors and retry the test.
Selecting a target is optional. You can click Finish after testing without assigning a target. The JDBC
source will be configured, but not deployed. If you skip selecting the target, there is a chance to
deploy the JDBC source later. Select a server target (or not), and then click Finish.
Test Configuration
JDBC data
source
ls()
weblogic.rmi.cluster.ClusterableRemoteObject
weblogic.rmi.cluster.ClusterableRemoteObject
weblogic.rmi.cluster.ClusterableRemoteObject
weblogic.rmi.cluster.ClusterableRemoteObject
Demonstration
Configure data sources for Oracle Database.
Go to OTN > Tutorials > Fusion Middleware > Oracle
WebLogic Server 10.3 > Deploy J2EE Applications >
Configure Data Sources.
Demonstration
See the demonstration at the following URL:
http://www.oracle.com/technology/obe/fusion_middleware/wls103/appdeploy/configure/datasource/
Conf_DS_WLS.htm
JDBC URLs
Database locations are specified using a JDBC Uniform
Resource Locator (URL).
Example 1:
jdbc:oracle:thin:@dbhost:1521:SALESINFO
Example 2:
This URL can be used to access a PointBase database:
jdbc:pointbase:server://dbhost:9092/HRDATABASE
JDBC URLs
If you use a JDBC driver developed by a third party, the documentation tells you what
subprotocol to usethat is, what to put after jdbc: in the JDBC URL. The syntax for a
JDBC URL is jdbc:subprotocol:subname.
subprotocol identifies the database connectivity mechanism.
subname identifies the data source. The subname can vary depending on the subprotocol.
The contents and syntax of subname depends on subprotocol. subname can also specify a
network address for the databasefor example, subname can be specified using
//hostname:port/dbname.
For Example 1
dbhost: The host name or IP address
1521: The default listener port
SALESINFO: The system identifier (SID), the name of the database
For Example 2
subprotocol is pointbase:server.
subname is a location of the PointBase database named HRDATABASE.
Connection Properties
Are key/value pairs
Are used to configure JDBC connections
Are passed to the driver during connection setup
Connection Properties
Connection properties are a set of key/value pairs that are passed to the driver when database
connections are created. Connection properties are specific to the driver. For a complete list, see your
driver documentation.
Oracle
Sybase
MSSQL
Informix
PointBase
Driver
Road Map
Overview of JDBC
Data sources
Monitoring and testing data sources
Monitoring
Testing
Suspend/resume
Monitor data
source statistics.
successfully.
on a
given
server
take this
action.
Answer: 2
All these are valid settings for a data source except queue size. Data sources use connection pooling,
but not a queue.
Quiz
Answers: 3, 5
Remember that system data sources are scoped to the domain, whereas application data sources are
deployed as part of an application.
Quiz
Answer: 4
Quiz
Summary
Practice 13 Overview:
Configuring JDBC Data Sources
Objectives
Scenario
Consider an online order entry application that integrates with a shipping application. In this
case, you may not want the online customer to keep waiting for the shipping application to
finalize the shipping process.
Generally, in such cases, the following steps are performed:
1. The customer places an order using the order entry application.
2. When the order is completed and confirmed (may involve a credit check and so on), the
order details are placed in a message queue.
3. The shipping application regularly checks the order message queue, picks up the orders
from the message queue, assigns the appropriate shipping agency (for example, UPS,
FedEx, or USPS), and appropriately generates shipping labels.
4. In addition, the shipping may append the shipping details to the order message.
Objectives
Road Map
JMS overview
JMS server and modules
Types of JMS destinations
Message-Oriented Middleware
Message-Oriented Middleware
The message-oriented middleware became widely used when providers created architectures that
could operate in a standard way on a variety of platforms and enabled asynchronous
communication between applications. These providers gained popularity in enabling integration
of mainframes and personal computers.
Even though there is much competition and variety in message-oriented middleware products,
they tend to fall into one of the following categories:
Point-to-point
Publish/Subscribe
Request-reply
JMS Messaging Models
JMS supports the point-to-point (PTP) and Publish/Subscribe messaging models. The models are
very similar, except the following:
The PTP messaging model enables delivery of a message to exactly one recipient.
The Publish/Subscribe messaging model enables delivery of a message to multiple
recipients.
Request-reply messaging model is more suited in a synchronous messaging environment where
the requester and replier are in conversational modethe requester waits for a response from the
replier before continuing work. It is not explicitly supported in JMS.
Oracle WebLogic Server 11g: Administration Essentials 14 - 4
Point-To-Point Queue
Many message producers can serialize messages to multiple
receivers in a queue.
Caller
(Producer)
Incoming Calls
queue
3
1
Caller
(Producer)
Rep - A
Rep - B
2
Oracle WebLogic Server
Rep - C
Point-To-Point Queue
When using a PTP queue, multiple message producers can put messages onto a single queue.
The queue serializes the messages in a linear order. Multiple receivers can take messages off the
queue; the messages typically come off in a first-in, first-out (FIFO) order; the oldest message
on the queue is the first one to be taken off.
A message can be delivered only to one receiver. Receivers are also referred to as consumers.
An example of when to use a PTP queue would be at a call center.
Calls are routed into the network through a PBX. The PBX system places incoming calls
onto an Incoming Calls queue. When a service representative is available, the
representative requests for the next caller in the system.
The system pulls off the queue the caller who has been waiting the longest (FIFO method)
and routes the caller to the service representative.
After the conversation is established between an in-queue customer and a representative, it
becomes a synchronous communication. (This is similar to request-reply mode).
This is only an example and, in many cases, the responses are not just pure FIFO but weightings
assigned by the organizations.
Messages are
delivered to one client.
Publish/Subscribe Topics
Publishing and subscribing to a topic decouples producers from
consumers.
Publisher
Distribution
topic
Subscriber
3
Subscriber
Publisher
Subscriber
Publish/Subscribe Topics
Having the publishers publish to a topic rather than directly to a list of subscribers decouples the
publishers and subscribers.
By doing this, a publisher is not required to manage the number of subscribers (if any) that must
receive the message. By delegating the message delivery work to the message-oriented
middleware server (which manages the topic), the publisher does not have to manage the
delivery of guaranteed messages, fault tolerance of its production, load balancing, or other
issues. By decoupling a subscriber from the publisher, the subscriber does not have to determine
whether its publisher is active. If the message-oriented middleware server is executing, the needs
of both the publishers and the subscribers are met.
An example of using a Publish/Subscribe topic is a stock ticker application.
A typical system would set up a topic for each stock that is traded on the exchanges.
When a trade is made on a stock, the respective exchange publishes a message to the topic
that is associated with the stock traded.
Clients who are interested in receiving updates about the status of their stocks use a
program to subscribe to the topics of each stock they are interested in.
When the topic update is recognized, the message server broadcasts the message to all the
interested (clients) stock ticker programs.
Oracle WebLogic Server 11g: Administration Essentials 14 - 6
Client 1
JMS
JMS Server
JNDI
A1 > A
B1 > B
Persistent
storage
JMS Server
B
Client 2
WebLogic Server
JMS
Connection
WLS
2
Create a
connection.
JNDI
Create a
session.
Session
Destination
Client
Look up a
destination.
JMS Server
Destination
is returned. 4
Send
message.
Destination: Topic
To send messages,
these are required:
- Connection
- Session
- Destination
Destination: Queue
Transacted Messaging
Producer
Consumer
Messages arrive
at the destination.
Store
Messages are
removed
from the destination.
Transacted Messaging
JMS clients can participate in a distributed or local transaction. There are two scenarios:
On the Producer side, a transaction begins and some operations, such as sending messages,
are performed. If the transaction commits, all the messages are sent to the destination. If
the transaction rolls back, none of the messages arrive at the destination.
On the Consumer side, a transaction begins and some operations, such as processing
messages, are performed. If the transaction commits, the processed messages are removed
from the destination. If the transaction rolls back, the messages stay in the destination.
Managed Server B
JMS Server 2
Queue B
Topic Z
Queue B
Topic Z
Managed Server A
Road Map
Oracle WebLogic Server JMS administration
Configuring JMS objects
JMS client
JMS client
Queues
Queues
Queues
Topics
Topics
Topics
Queues
Queues
Queues
JMS client
Topics
Topics
Topics
JMS
Server A
JMS client
JMS client
JMS
Server B
JMS client
Persistence
2
3
1
2
JMS Modules
config.xml
EAR
weblogicapplication.xml
DD
MyJMSDescriptorjms.xml
Application module
demo-jms.xml
System module
JMS Modules
JMS modules are application-related definitions that are independent of the domain
environment. You create and manage JMS resources either as system modules or application
modules.
JMS system modules are typically configured using the Administration Console or the
WebLogic Scripting Tool (WLST), which adds a reference to the module in the domains
config.xml file. System modules are owned and modified by the WebLogic
administrator and are available to all applications.
JMS application modules are a WebLogic-specific extension of Java EE modules and can
be deployed either with a Java EE application (as a packaged resource) or as stand-alone
modules that can be made globally available. Application modules are owned and modified
by WebLogic developers, who package JMS resource modules with the applications EAR
file.
After the initial deployment is completed, an administrator has only limited control over the
deployed applications. For example, administrators are allowed only to ensure the proper life
cycle of these applications (deploy, undeploy, redeploy, remove, and so on) and tune parameters,
such as increasing or decreasing the number of instances of any given application to satisfy the
client needs. Other than life cycle and tuning, any modification to these applications must be
completed by the application development team.
Oracle WebLogic Server 11g: Administration Essentials 14 - 19
deploy
JMS Modules
Connection Factories
JMS connection factories are used to set default client
connection parameters, including:
Message priority
Message time-to-live (TTL)
Message persistence
Transactional behavior
Acknowledgement policy
Flow control
Connection Factories
Connection factories are resources that enable JMS clients to create JMS connections. A
connection factory supports concurrent use, enabling multiple threads to access the object
simultaneously. WebLogic JMS provides preconfigured default connection factories that can be
enabled or disabled on a per-server basis. You can also configure one or more connection
factories to create connections with predefined options that better suit your application.
Some connection factory options are dynamically configurable. You can modify the following
parameters for connection factories:
General configuration parameters, including modifying the default client parameters,
default message delivery parameters, load-balancing parameters, unit-of-order parameters,
and security parameters
Transaction parameters, which enable you to define a value for the transaction timeout
option and to indicate whether an XA queue or XA topic connection factory is returned,
and whether the connection factory creates sessions that are XA-aware
Flow control parameters, which enable you to tell a JMS server or a destination to slow
down message producers when it determines that it is becoming overloaded
When connection factory options are modified at run time, only the incoming messages are
affected; stored messages are not affected.
Oracle WebLogic Server 11g: Administration Essentials 14 - 22
You need to configure a new connection factory only if the preconfigured settings of the default
factories are not suitable for your application. The main difference between the preconfigured
settings for the default connection factories and a user-defined connection factory is the default
value for the XA Connection Factory Enabled option to enable JTA transactions. Also, using
default connection factories means that you have no control over targeting the Oracle WebLogic
Server instances where the connection factory may be deployed. However, you can enable or
disable the default connection factories on a per-Oracle WebLogic Server basis.
3
Copyright 2009, Oracle. All rights reserved.
Destination
Destination
A JMS destination identifies a queue (point-to-point) or topic (Publish/Subscribe) for a JMS
server.
After configuring a JMS server, configure one or more queue or topic destinations for each JMS
server. You configure destinations explicitly or by configuring a destination template that can be
used to define multiple destinations with similar attribute settings.
A JMS destination identifies a queue (point-to-point) or topic (Publish/Subscribe) resource
within a JMS module. Each queue and topic resource is targeted to a specific JMS server. A JMS
servers primary responsibility for its targeted destinations is to maintain information about the
persistent store that is used for any persistent messages that arrive on the destinations and to
maintain the states of the durable subscribers created on the destinations.
Queue Destinations
Receiver
Sender
Queue
Receiver
Queue Destinations
The point-to-point (PTP) messaging model enables one application to send a message to another.
PTP messaging applications send and receive messages using named queues. A queue sender
(producer) sends a message to a specific queue. A queue receiver (consumer) receives messages
from a specific queue. Multiple queue senders and queue receivers can be associated with a
single queue, but an individual message can be delivered to only one queue receiver.
If multiple queue receivers are listening for messages on a queue, WebLogic JMS determines
which one will receive the next message on a first come, first serve basis. If no queue receivers
are listening on the queue, messages remain in the queue until a queue receiver attaches to the
queue.
Topic Destinations
Subscriber
Publisher
Topic
Subscriber
Topic Destinations
The Publish/Subscribe (pub/sub) messaging model enables an application to send a message to
multiple applications. Pub/sub messaging applications send and receive messages by subscribing
to a topic. A topic publisher (producer) sends messages to a specific topic. A topic subscriber
(consumer) retrieves messages from a specific topic. Unlike the PTP messaging model, the
pub/sub messaging model allows multiple topic subscribers to receive the same message. JMS
retains the message until all topic subscribers have received it.
The pub/sub messaging model supports durable subscribers. For durable subscriptions,
WebLogic JMS stores a message in a persistent file or database until the message is delivered to
the subscribers or has expired, even if those subscribers are not active at the time the message is
delivered. To support durable subscriptions, a client identifier (client ID) must be defined for the
connection by the JMS client application. Support for durable subscriptions is a feature that is
unique to the pub/sub messaging model, so client IDs are used only with topic connections;
queue connections also contain client IDs, but JMS does not use them.
Road Map
Oracle WebLogic Server JMS administration
Configuring JMS objects
Durable subscribers and persistent messaging
Durable subscribers
Configuring durable subscribers
Persistent and nonpersistent messages
Persistent backing stores using the Console
Monitoring JMS
Publisher client
Topic A
(A durable subscription)
Associated
with
JMS server
Client registers ID
Persistent store
database or file
Active client
(A durable subscriber)
Persistent Messaging
Store
Persistent Messaging
A persistent message is guaranteed to be delivered only once. It is not considered sent until it has
been safely written to a WebLogic persistent store that is assigned to each JMS server during
configuration.
Nonpersistent messages are not stored. If a connection is closed or recovered, all nonpersistent
messages that have not yet been acknowledged will be redelivered. After a nonpersistent
message is acknowledged, it will not be redelivered.
WebLogic persistent stores provide built-in, high-performance storage solutions for the Oracle
WebLogic Server subsystems and services that require persistence. For example, they can store
persistent JMS messages or temporarily store messages that are sent using the JMS store-andforward feature. The persistent store supports persistence to a file-based store or to a JDBCenabled database. Each server instance, including the administration server, has a default
persistent store that requires no configuration. The default store is a file-based store that
maintains its data in a group of files in the data\store\default directory of a server
instance.
Configure persistent messaging if:
Development requires durable subscriptions (use durable subscribers in the application)
You require that in-progress messages persist across server restarts
Oracle WebLogic Server 11g: Administration Essentials 14 - 37
Database
Road Map
Oracle WebLogic Server JMS administration
Configuring JMS objects
Durable subscribers and persistent messaging
Monitoring JMS
Monitoring JMS servers
Monitoring JMS modules
Monitoring Queues
Use this page to view run-time statistics about the current queue resource. Run-time statistics
include counts, pending, and threshold data for consumers, bytes, and messages for the queue.
To access the queues message management page, select the check box next to its name, and
then click the Show Messages button.
Monitoring Queues
Answers: 2, 3
Remember that a JMS queue is for simple point-to-point messaging, whereas a topic is for
Publish/Subscribe messaging in which messages are broadcast to all listening consumers.
Quiz
Answers: 1, 2, 3
Remember that JMS destinations (queues and topics) and connection factories are commonly
deployed as part of a JMS module.
Quiz
Summary
Practice Overview:
Configuring JMS Resources
This practice covers the following topics:
Configuring JMS resources such as:
JMS server, JMS module, queue, and topic
Introduction to Clustering
Objectives
Scenario
Clustering provides availability and scalability benefits. As the administrator at MedRec, you
want to understand the benefits of clustering and the architectural considerations to help you
decide on the appropriate structure for your environment.
Objectives
Road Map
Oracle WebLogic cluster introduction
What is a cluster?
Benefits of clustering
HTTP clustering and proxy plug-in
Introduce EJB clustering
Cluster architecture
Cluster communication
What Is a Cluster?
A cluster:
Is a logical group of managed servers within a domain
domain
Supports features to
provide high
machine
machine
availability for:
server
cluster
server
server
server
Is transparent to clients
What Is a Cluster?
An Oracle WebLogic Server cluster consists of one or more Oracle WebLogic Server instances
running simultaneously and working together to provide increased scalability and reliability. A
cluster appears to clients as one Oracle WebLogic Server instance. The server instances that
constitute a cluster can run on one machine or on different machines.
By replicating the services provided by one instance, an enterprise system achieves a fail-safe
and scalable environment. It is good practice to set all the servers in a cluster to provide the
same services.
You can increase a clusters capacity by adding server instances to the cluster on an existing
machine, or by adding machines to the cluster to host the incremental server instances.
The clustering support for different types of applications is as follows:
For Web applications, the cluster architecture enables replicating the HTTP session state of
clients. You can balance the Web application load across a cluster by using an Oracle
WebLogic Server proxy plug-in or an external load-balancer.
For Enterprise JavaBeans (EJBs) and Remote Method Invocation (RMI) objects, clustering
uses the objects replica-aware stub. When a client makes a call through a replica-aware
stub to a service that fails, the stub detects the failure and retries the call on another replica.
For JMS applications, clustering supports clusterwide transparent access to destinations
from any member of the cluster.
Oracle WebLogic Server 11g: Administration Essentials 15 - 4
Whole servers
Web applications and
services
EJB applications
JDBC resources
JMS
Benefits of Clustering
Description
Scalability
Load balancing
Application
failover
Availability
Migration
Benefits of Clustering
An Oracle WebLogic Server cluster provides the following benefits:
Scalability: The capacity of a cluster is not limited to one server or one machine. Servers
can be added to the cluster dynamically to increase capacity. If more hardware is needed, a
new server on a new machine can be added.
Load Balancing: The distribution of jobs and associated communications across the
computing and networking resources in your environment can be even or weighted,
depending on your environment. Even distributions include round-robin and random
algorithms.
Application Failover: Distribution of applications and their objects on multiple servers
enables easier failover of the session-enabled applications.
Availability: A cluster uses the redundancy of multiple servers to insulate clients from
failures. The same service can be provided on multiple servers in a cluster. If one server
fails, another can take over. The capability to execute failover from a failed server to a
functioning server increases the availability of the application to clients.
Migration: This ensures uninterrupted availability of pinned services or components
those that must run only on a single server instance at any given time, such as the Java
Transaction API (JTA) transaction recovery system, when the hosting server instance fails.
Understanding the technical infrastructure that enables clustering helps programmers and
administrators to maximize the scalability and availability of their applications.
Oracle WebLogic Server 11g: Administration Essentials 15 - 5
Concept
Server
EJB
Server
EJB
R1
Replica-aware
Stub
Replica
handler
Server 1
R1
R2
R2
Server 2
Round-robin
Weight-based
Random
Parameter-based routing (programmatic)
Road Map
Oracle WebLogic cluster introduction
Cluster architecture
Considerations for selecting an appropriate cluster
architecture
Basic cluster architecture
Multitier cluster architecture
Proxy servers
Cluster communication
Performance
Efficient state persistence
Optimal load balancing
Effective failover
Reliable communication
Cluster Architecture
Cluster Architecture
Applications are usually broken into three functional tiers: Web tier, presentation tier, and object
tier. In programming circles, these are also known as the model, view, and control. You tend to
abstract them a little more when talking about clustering, but they are effectively the same.
The Web tier provides the static, idempotent presentation of a Web application and is generally
the first piece that clients come in contact with. Often, the Web tier is handled by a Web server,
such as Oracle HTTP Server, Apache, Internet Information Server (IIS), or Netscape Enterprise
Server (NES).
The presentation tier provides the dynamic content, such as servlets, JSP, and so forth. This tier
also acts as a consumer to the business logic represented in the business tier. The presentation
tier typically contains implemented design patterns or run-time frameworks that allow the client
to interact with the business tier and generate a dynamic view of that tier per request or session.
The presentation tier is handled by WebLogic and is accessed via direct or indirect client
requests to the presentation tier elements.
The business tier provides access to business logic, middleware, and integrated systems.
Typically, these are handled by various types of EJBs or server services, such as JMS and JDBC.
WebLogic also handles this tier, but there are other applications, services, and servers that
participate at this level.
Oracle WebLogic Server 11g: Administration Essentials 15 - 15
Web tier
Presentation tier
Business or object tier
Web
container
Load
balancer
server 2
Web
container
Firewall
EJB
container
EJB
container
Cluster
server 1
Advantages:
Easy administration
Flexible load balancing
Robust security
Disadvantages:
It cannot load-balance EJB method calls.
Load-balancing across the tiers may become unbalanced.
Load
balancer
Firewall
server 1
Web
container
server 3
EJB
container
server 2
Web
container
server 4
EJB
container
Cluster A
Cluster B
Domain
Disadvantages:
Can create a bottleneck when the presentation tier makes
frequent calls to the business logic
Can lead to increased licensing cost
Can lead to added firewall configuration complexity
Web layer
(Proxy)
Server
Load
balancer
server 1
Servlet/
JSP
EJB
container
Plug-in
HTTP
server 2
Server
Servlet/
Plug-in
JSP
Firewall
EJB
container
Cluster
HTTP
server 1
Web
container
server 3
EJB
container
HTTP
server 2
server 4
Server
Web
container
EJB
container
Cluster A
Cluster B
HTTP
Server
Load
balancer
Plug-in
Plug-in
Firewall
Domain
Web layer
(Proxy)
Proxy Plug-Ins
Proxy plug-ins:
Server 1
Server 2
C
l
u
s
t
e
r
Proxy Plug-Ins
A proxy plug-in may be essential in an environment where Oracle HTTP Server or other Web
servers serve static pages, and an Oracle WebLogic Server (possibly on a different host) is
delegated to serve dynamic pages (such as JSPs or pages generated by HTTP servlets). To the
end user (the browser), the HTTP responses still appear to come from the same sourcethe
Web server running the plug-in. Oracle WebLogic Server on the back end is invisible. The
HTTP-tunneling facility of the WebLogic client/server protocol can operate through the plug-in,
providing access to all Oracle WebLogic Server services (not just dynamic pages).
Oracle WebLogic Server plug-ins provide efficient performance by reusing connections from
the plug-in to Oracle WebLogic Server. The plug-in maintains keep-alive connections
between the plug-in and Oracle WebLogic Server.
For documentation on plug-ins, see Oracle Fusion Middleware Using Web Server Plug-Ins with
Oracle WebLogic Server 11g Release 1 (10.3.1).
WLS HttpClusterServlet
HttpClusterServlet:
Internet
server
cluster
WLS Proxy
Server
HttpClusterServlet
client
machine
machine
Admin
Server
server
client
client
domain
server
server
WLS HttpClusterServlet
HttpClusterServlet proxies the requests from an Oracle WebLogic Server to other
Oracle WebLogic Server instances within a cluster. HttpClusterServlet provides load
balancing and failover for the proxied HTTP requests.
Road Map
Oracle WebLogic cluster introduction
Cluster architecture
Cluster communication
Server communication in a cluster
Detecting a failure
Multitier communication
One-to-Many Communications
One-to-Many Communications
Oracle WebLogic Server uses multicast to broadcast regular heartbeat messages that advertise
the availability of individual server instances in a cluster. The servers in a cluster listen to
heartbeat messages to determine when a server has failed. (Clustered servers also monitor IP
sockets as a more immediate method of determining when a server has failed.)
All servers use multicast to announce the availability of clustered objects that are deployed or
removed locally. Servers monitor the announcements so that they can update their local JNDI
tree to indicate the current deployments of clustered objects.
Because multicast controls the critical functions related to detecting failures and maintaining the
clusterwide JNDI tree, it is important that neither the cluster architecture nor the network
topology interfere with multicast communications.
If server instances in a cluster do not process incoming messages on a timely basis, increased
network traffic and heartbeat retransmissions can result. The repeated transmission of multicast
packets on a network is referred to as a multicast storm, and can stress the network and attached
stations, potentially causing end-stations to hang or fail. Increasing the size of the multicast
buffers can improve the rate at which announcements are transmitted and received, and prevent
multicast storms.
Peer-to-Peer Communications
Proper socket configuration is crucial to the performance of an Oracle WebLogic Server cluster.
Two factors determine the efficiency of socket communications in Oracle WebLogic Server:
Whether the servers host system uses a native or a pure-Java socket reader
implementation
For systems that use pure-Java socket readers, whether or not the server is configured to
use enough socket reader threads
IP sockets provide a simple, high-performance mechanism for transferring messages and data
between two applications. Clustered Oracle WebLogic Server instances use IP sockets for the
following:
Accessing nonclustered objects that are deployed to another clustered server instance on a
different machine
Replicating HTTP session states and stateful session EJB states between a primary and
secondary server instance
Accessing clustered objects that reside on a remote server instance (This generally occurs
only in a multitier cluster architecture.)
Note: The use of IP sockets in Oracle WebLogic Server actually extends beyond the cluster
scenarioall RMI communication takes place using sockets (for example, when a remote Java
application accesses a remote object).
Oracle WebLogic Server 11g: Administration Essentials 15 - 34
Peer-to-Peer Communications
Server B
Server D
Server C
Server A
Answer: 2
With multitier architecture, you can balance load on EJBs clustered across multiple servers.
Quiz
In a multitier cluster architecture where you want to loadbalance EJB objects, you configure them:
1. Within one cluster
2. In different clusters
3. Along with the Web-tier clients in the same server
4. In different domains
Answer: 1
Load balancing in Oracle WebLogic Server works within a cluster. You cannot load balance
across multiple clusters or domains. Because you intend to use multitier cluster, the Web server
and EJB objects need to be separated. So options 2, 3, and 4 are not applicable in this case.
Quiz
Summary
Configuring a Cluster
Objectives
Scenario
The Medical Records department has decided to implement and evaluate clustering on a test
application to better understand the clustering functionality. Before implementing a cluster, you
need to configure the Oracle HTTP Server as the Web tier front end for your applications. You
create a basic cluster using MedRecSvr2 and MedRecSvr3 managed servers. Later, you deploy
and configure the test application so that HTTP session replication is enabled.
Objectives
Road Map
Preparing for a cluster
Cluster architecture
Network and security topology
Machines
Names and addresses
Configuring a cluster
Hardware
Hardware
The main benefits of a cluster are load balancing and failover. If multiple servers in a cluster are
on the same computer, these benefits are minimized. If the computer fails, all the servers on it
fail and, although you may be load balancing, it is still only the computer that handles the
processing.
Load balancers and proxy servers need to know which servers are in a cluster. So, in general,
you need to configure the IP address of each server in a cluster in the load balancer or proxy
server. If the servers are assigned to a machine with a dynamically assigned IP address, the IP
address can change, and the load balancer or proxy server would not be able to find it. So ensure
that you configure the cluster on machines that have static IP addresses.
Cluster Address
Cluster Address
Each ListenAddress:ListenPort combination in the cluster address corresponds to the
managed server and network channel that received the request. The order in which the
ListenAddress:ListenPort combinations appear in the cluster address is random; the
order varies from request to request.
The cluster address forms a portion of the URL that a client uses to connect to the cluster. The
cluster address is used for generating EJB handles and entity EJB failover addresses. (This
address may be either a DNS host name that maps to multiple IP addresses or a commaseparated list of single address host names or IP addresses.)
If network channels are configured, it is possible to set the cluster address on a per-channel
basis.
Road Map
Preparing for a cluster
Configuring a cluster
Administration Console
Configuration Wizard
WLST
Ant
7. Click OK.
Multicast Send Delay: The amount of time (between 0 and 100 milliseconds) to delay
sending message fragments over multicast to avoid operating systemlevel buffer overflow
Multicast TTL: The number of network hops (between 1 and 255) that a cluster multicast
message is allowed to travel. 1 restricts the cluster to one subnet.
Multicast Buffer Size: The multicast socket send or receive buffer size (at least 64
kilobytes)
Idle Periods Until Timeout: The maximum number of periods that a cluster member
waits before timing out a member of a cluster
Enable Data Encryption: The option to enable encryption of data exchanges between
servers in a cluster
connect('myuser','mypass','myhost:7001')
edit()
Create a new
startEdit()
cluster.
cd('/')
cmo.createCluster('HRWebCluster')
cd('/Clusters/HRWebCluster')
cluster = getMBean('/Clusters/HRWebCluster')
cd('/Servers/serverA')
cmo.setCluster(cluster)
cd('/Servers/serverB')
cmo.setCluster(cluster)
cd('/Servers/serverC')
cmo.setCluster(cluster) Assign cluster members.
activate()
disconnect()
exit()
weblogic.management.configuration.ClusterMBean
Answer: 4
Remember that although clusters support a messaging mode for broadcast communication
(unicast or multicast), there is no attribute called broadcast server.
Quiz
Summary
Practice 16 Overview:
Configuring Clusters
Managing Clusters
Objectives
Scenario
You deploy the application that you are using to evaluate the HTTP session failover feature.
Configure Oracle HTTP Server to load balance between two managed servers in a cluster.
Verify that the session failover happens appropriately.
Objectives
Road Map
Deploying applications
Targeting a cluster
instead of a single server
Two-Phase Deployment
2
Distribute application.
Two-Phase Deployment
When deploying applications to a cluster, they must be packaged into a .war, .ear, or .jar
file. WebLogic clusters use the concept of two-phase deployment.
Phase 1: During the first phase of deployment, application components are distributed to
the target server instances and the planned deployment is validated to ensure that the
application components are successfully deployed. During this phase, user requests to the
application being deployed are not allowed. If failures are encountered during the
distribution and validation processes, the deployment is aborted on all server instances,
including those on which the validation succeeded. Files that have been staged are not
removed; however, container-side changes performed during the preparation are reverted.
Phase 2: After the application components are distributed to targets and validated, they are
fully deployed on the target server instances, and the deployed application is made
available to the clients. If a failure occurs during this process, deployment to that server
instance is canceled. However, a failure on one server of a cluster does not prevent
successful deployment on other clustered servers.
If a cluster member fails to deploy an application, it fails at startup in order to ensure cluster
consistency, because any failure of a cluster-deployed application on a managed server causes
the managed server to abort its startup.
The two-phase commit feature enables you to avoid situations in which an application is
successfully deployed on one node and not on the other.
Oracle WebLogic Server 11g: Administration Essentials 17 - 5
Application (Version 1)
Application (Version 2)
Deployed
Server A
Application (Version 1)
Application (Version 2)
Version 2
Server B
Cluster
Road Map
Deploying applications to clusters
HTTP session management
Session persistence is configured using the <sessiondescriptor> element in the weblogic.xml deployment
descriptor file.
Primary
Server
Server
Secondary
Primary = C
Primary = A
3 Secondary
=B
Client
Client
Proxy
Proxy
1
Server A
4
Server B
Server C
ServerA
Server B
2
Primary
Server C
5
Secondary
Secondary
Primary
6 Secondary = B
In-Memory Replication
WLS can replicate:
HttpSession objects
Stateful session EJBs
Cluster
Server 1
Primary
Server 2
Secondary
Primary
Server 3
Secondary
In-Memory Replication
Web application components, such as servlets and JSPs, maintain data on behalf of clients using
an HttpSession instance that is available on a per-client basis.
To provide high availability of Web applications, shared access to one HttpSession object
must be provided. HttpSession objects can be replicated within Oracle WebLogic Server by
storing their data with in-memory replication, file system persistence, or in a database.
With in-memory replication, replicated objects are not accessible on all server instances in the
cluster. Rather, when an object is created, it is called the primary object. On another server
instance, a backup object is created. In the event of a failure of the primary object, the backup
object is promoted as the primary object. If a failover occurs, another backup object is created.
This is optimal because replication of object data must occur only between the primary and
backup objects (rather than the entire cluster).
replicated
replicated-if-clustered
async-replicated
async-replicated-if-clustered
...
<session-descriptor>
<persistent-store-type>replicated</persistent-store-type>
</session-descriptor>
...
Database
Server
Server
Changing session
objects causes (slow)
database
synchronization.
Cluster
Server 1
Servlet1
Servlet2
Connection pools
Server 2
Servlet1
Servlet2
Server 3
Servlet1
HttpSession
objects stored
in database
Servlet2
...
<session-descriptor>
<persistent-store-type>jdbc</persistent-store-type>
<persistent-store-pool>MyDataSource</persistent-store-pool>
</session-descriptor>
...
WL_CONTEXT_PATH
WL_CREATE_TIME
numeric, 20 digits
WL_IS_VALID
char, 1 character
WL_SESSION_VALUES
WL_ACCESS_TIME
numeric, 20 digits
WL_IS_NEW
numeric, 20 digits
Primary
key
Server
File system
Proxy
Server
Server
Cluster
...
<session-descriptor>
<persistent-store-type>file</persistent-store-type>
<persistent-store-dir>/mnt/wls_share</persistent-store-dir>
</session-descriptor>
...
Cookie-based session persistence can simplify management of your Oracle WebLogic Server
installation because clustering failover logic is not required. Because the session is stored in the
browser, and not on the server, you can start and stop Oracle WebLogic Servers without losing
sessions. But remember that cookies can persist only string data and that there is no security on
the data as cookies are passed to and from the browser in clear text.
To set up cookie-based session persistence:
In the <session-param> element of weblogic.xml, set the
PersistentStoreType attribute to cookie
Optionally, set a name for the cookie using the PersistentStoreCookieName
attribute. The default is WLCOOKIE.
Replication Groups
Replication Groups
By default, Oracle WebLogic Server attempts to create replicas of certain services on a machine
other than the one that hosts the primary service.
Oracle WebLogic Server enables you to further control where the secondary states are placed by
using replication groups. A replication group is a preferred list of clustered instances to use for
storing session state replicas. When you configure a server instance that participates in a cluster,
you can assign the server instance membership in a replication group. You can also assign a
preferred secondary replication group to be considered for replicas of the primary HTTP session
states that reside on the server.
When a client attaches to a cluster and creates an instance of a service, that service instance is
automatically replicated in Oracle WebLogic Server (such as an HttpSession or a stateful
session EJB). Oracle WebLogic Server instance that hosts the primary object honors the
preferred secondary replication group if it is configured. Otherwise, a secondary on a remote
machine is chosen for replication before trying to replicate to the local server.
An administrator can configure replication groups to operate such that secondary objects for
replicated services always reside on different hardware. In earlier versions of Oracle WebLogic
Server, the cluster would ensure that a replicated service exists on a different machine. However,
because one computer can host multiple IP addresses and thus multiple machines, a replicated
instance might not be protected from a general hardware failure. The creation of replication
groups solves this issue.
Oracle WebLogic Server 11g: Administration Essentials 17 - 26
Replication Groups
Replication groups:
machine 1
server A
Load
balancer
Client
After failover
cookie
Primary: B
Secondary: C
servlet
primary
state
machine 2
server B
server C
servlet
primary
state
servlet
secondary
state
Firewall
Primary: A
Secondary: B
Road Map
Deploying applications to clusters
HTTP session management
EJB session replication
EJB clustering deployment descriptors
Configuring stateless session beans
Configuring stateful session beans
Troubleshooting a cluster
<stateless-session-descriptor>
<!- Other Tags As Appropriate Here -->
<stateless-clustering>
<stateless-bean-is-clusterable>True</stateless-bean-isclusterable>
<stateless-bean-load-algorithm>random</stateless-beanload-algorithm>
<stateless-bean-call-router-classname>beanRouter</stateless-bean-call-router-class-name>
<stateless-bean-methods-are-idempotent>True</statelessbean-methods-are-idempotent>
</stateless-clustering>
Copyright 2009, Oracle. All rights reserved.
</weblogic-ejb-jar>
<stateful-session-descriptor>
<stateful-session-clustering>
<home-is-clusterable> true
</home-is-clusterable>
<home-load-algorithm> random </home-load-algorithm>
<home-call-router-class-name> common.QARouter
</home-call-router-class-name>
<replication-type>
InMemory </replication-type>
</stateful-session-clustering>
</stateful-session-descriptor>
17 - 37
Read/write
Read-only
Select all valid values for the persistent store type element in
weblogic.xml.
1. file
2. replicated
3. unicast
4. async-replicated-if-clustered
5. jdbc
6. async-wan
Answers: 1, 2, 4, 5
Quiz
Answers: 2, 5
Remember that clustered servers use machine and replication group boundaries to select
destinations for replicated sessions.
Quiz
Answer: 4
By default, in-memory replication involves both the synchronous creation of secondary copies of
primary sessions and the tracking of these primary and secondary copies with cookies.
Quiz
Quiz
Answers: 3, 4
Other types of replication are available for the replication of HTTP sessions only.
Summary
Objectives
Scenario
The Medical Records department has decided to explore the use of the security features provided by
Oracle WebLogic Server to protect the application and other resources deployed in the Oracle
WebLogic Server domain. You create users, groups, simple authentication, and authorization policies
and understand the working of these policies in protecting a typical application.
Objectives
Road Map
Security overview
Java EE
application
Java SE
application
Authentication
Authorization
Credential Store
User/Role
LDAP/Database
servers
Client
EJBs
Web apps
Java 2 Security
Application developer
Authentication
SSPI
Authorization
SSPI
Role Mapping
SSPI
Auditing
SSPI
CertPath
SSPI
Adjudication
SSPI
Credential Mapping
SSPI
Authorization
Role Mapping
Auditing
Certificate Registry
Adjudication
Credential Mapper
Administrator
Copyright 2009, Oracle. All rights reserved.
Security Services
Client
WLS
Access
login LoginModules
sign
validate
Subject
MyEJB.foo()
& Subject
Principal
validators
Role
mapper
get role
is accessed allowed?
Access
decision
adjudicate
Adjudicator
foo()
Resource
Security Services
In a simple authentication, a user (or a client application), also referred to as the subject, attempts to
log in to a system with a username/password combination. Oracle WebLogic Server establishes trust
by validating that users username and password. A principal represents the subject and the subjects
features or properties. A subject can contain multiple principals. When the user (subject) enters the
name and password, these properties and any other related information are encapsulated into the
principal.
The validation of a principal is performed by the principal validator. After successfully proving the
subjects identity, an authentication context is established, which allows an identified user or system
to be authenticated to other entities.
During the authorization process, Oracle WebLogic Server determines whether a given subject can
perform a given operation on a given resource, and returns the result of that decision to the client
application. This process requires the use of access decisions, an adjudication provider, and possibly
multiple role mapping providers.
Roles are obtained from the Role Mapping providers and input to the Access Decisions. The Access
Decisions are then consulted for an authorization result. If multiple Access Decisions are configured
and return conflicting authorization results (such as PERMIT and DENY), an Adjudication provider
is used to resolve the contradiction by returning a final decision.
Authenticate
Confidentiality
Oracle WebLogic Server supports the SSL protocol to enable secure communication between the
applications that are connected through the Web. By default, WebLogic Server is configured for oneway SSL authentication where the managed server is enabled with a digital certificate. Using the
Administration Console, you can configure Oracle WebLogic Server for two-way SSL authentication
where the client and server are both enabled with digital certificates to securely establish their
identity.
To use SSL, you would require a private key, a digital certificate containing the matching public key,
and a certificate signed by at least one trusted Certificate Authority (CA) to verify the data embedded
in the digital certificate. For intermediate authorities, you may need to install the root- trusted CAs
certificate.
SSL server authentication allows a user to confirm a servers identity, through an SSL-enabled client
software using standard techniques of public key cryptography, to verify that a servers certificate
and public ID are valid and have been issued by a CA that is listed in the clients list of trusted CAs.
For example, when sending a credit card number, you may want to check the receiving servers
identity.
Confidentiality
Confidentiality (continued)
SSL client authentication allows a server to confirm a users identity to verify that a clients
certificate and public ID are valid and have been issued by a CA that is listed in the servers list of
trusted CAs. For example, if a bank sends the account information to a customer, this check may be
essential.
The SSL protocol includes two subprotocols: the SSL record protocol, which defines the format that
is used to transmit data, and the SSL handshake protocol to exchange a series of messages between
an SSL-enabled server and an SSL-enabled client when the SSL connection is established.
Credential Mapping
A credential map is a mapping of credentials used by Oracle WebLogic Server to credentials that are
used in a legacy (or a remote) system to connect to a given resource in that system. Credential maps
allow Oracle WebLogic Server to log in to a remote system on behalf of a subject that has already
been authenticated.
A credential mapping provider of WLS can handle several different types of credentials, such as
username/password, Kerberos tickets, and public key certificates. Credential mappings can be set in
deployment descriptors or through the Administration Console.
You can configure multiple credential mapping providers in a security realm. The security
framework makes a call to each credential mapping provider to determine whether it contains the
type of credentials requested by the container. The framework accumulates and returns all the
credentials as a list.
Credential Mapping
Road Map
Security overview
Users and groups
Security realms
Embedded LDAP
Configuring users, groups, and roles
Defined users,
groups,
security roles
Scoped
roles,
policies
Security
provider
data
Security
provider
WLS
resource
Security Realms
A security realm is a mechanism for protecting Oracle WebLogic Server resources, such as
authenticators, adjudicators, authorizers, auditors, role mappers, and credential mappers. Oracle
WebLogic Server resources in a domain are protected under only one security realm and by a single
security policy in that security realm. A user must be defined in a security realm in order to access
any resources belonging to that realm. When a user attempts to access a particular Oracle WebLogic
Server resource, Oracle WebLogic Server tries to authenticate the user and then authorize the user
action by checking the access privileges that are assigned to the user in the relevant realm.
Security Realms
Security Model
Deployment
Descriptor Only
(Java EE standard)
Deployment descriptors:
web.xml and weblogic.xml
ejb-jar.xml and weblogicejb-jar.xml
Custom Roles
Advanced
Configurable
Vendors
Policy statement 1:
Role mapping
Policy
Condition 1
Met ?
Security role
Yes
Employees
Policy statement 2:
Access to /benefits allowed 08:0018:00
Policy
Condition 2
Met ?
Security
role
Yes
Protected
WebLogic
resource
Partners
Groups are:
Logical sets of users
More efficient for managing a large number of users
Groups
WLS provides the flexibility to organize groups in various ways:
Groups can contain users.
Groups can contain other groups.
Tim
Employees
Colleen
Joe
Managers
Groups
Groups can be organized in arbitrary ways, thereby providing greater flexibility. In this example, all
the users (Sarah, Tim, Colleen, and Joe) are members of the Employees group. Joe is also a member
of the Managers group. All Managers are also Employees.
Managing groups is more efficient than managing large numbers of users individually. For example,
an administrator can specify permissions for 50 users at one time if those 50 users belong to the same
group. Usually, group members have something in common. For example, a company may separate
its sales staff into two groups: Sales Representatives and Sales Managers. This is because staff
members have different levels of access to the Oracle WebLogic Server resources depending on their
job descriptions.
Oracle WebLogic Server can be configured to assign users to groups. Each group shares a common
set of permissions that govern its member users access to resources. You can mix group names and
usernames whenever a list of users is permitted.
Sarah
Road Map
Security overview
Users and groups
Roles and policies
Security roles
Security policies
Defining policies and roles
Protecting Web resources
Protecting other resources
Security Roles
A security role is a privilege granted to users or groups based on specific conditions. Similar to
groups, security roles allow you to restrict access to WebLogic resources for several users
simultaneously. However, unlike groups, security roles:
Are evaluated and granted to users or groups dynamically, based on conditions such as
username, group membership, or the time of day
Can be scoped to specific WebLogic resources within an application in a WebLogic Server
domain (unlike groups, which are always scoped to an entire WebLogic Server domain)
Granting a security role to a user or a group confers the defined access privileges to that user or
group as long as the user or group is in the security role. Multiple users or groups can be granted a
single security role. A role definition is specific to a security realm.
A role can be defined as global or scoped.
WLS defines a set of default global roles for protecting all the WebLogic resources in a domain. A
scoped role protects a specific resource, such as a method of an EJB or a branch of the JNDI tree.
Most roles are scoped.
Note that by default no security role is enforced and therefore all the resources can be accessed by
any user.
Security Roles
Security Policies
Oracle WebLogic Server provides security policies and roles as two mechanisms that are used
together to control access to or protect resources. The security realm that Oracle WebLogic Server
provides stores policies in the embedded LDAP server.
You can create a root-level policy that applies to all instances of a specific resource type. For
example, you can define a root-level policy that applies to all JMS resources in your domain.
You can also create a policy that applies to a specific resource instance. If the instance contains other
resources, the policy will apply to the included resource as well. For example, you can create a policy
for an entire Enterprise Archive (EAR), an EJB JAR containing multiple EJBs, a particular EJB
within that JAR, or a single method within that EJB.
The policy of a narrower scope overrides the policy of a broader scope. For example, if you create a
security policy for an EAR and a policy for an EJB that is in the EAR, the EJB will be protected by
its own policy and will ignore the policy for the EAR.
Security Policies
Policy Conditions
Policy conditions are the essential components of a policy.
The WebLogic Server authorization provides three kinds of
built-in policy conditions in the Administration Console:
Basic policy conditions
Date and Time policy conditions
Context Element policy conditions
Policy Conditions
To determine who can access a resource, a policy contains one or more conditions. The most basic
policy simply contains the name of a security role or a principal. For example, a basic policy might
simply name the global role Admin. At run time, the WebLogic Service interprets this policy as
allow access if the user is in the Admin role.
You can create more complex conditions and combine them using the logical operators AND and OR
(which is an inclusive OR). You can also negate any condition, which would prohibit access under
the specified condition.
WebLogic Server by default provides three kinds of conditions:
Basic: This can be used to allow or deny access to every one or specific users, groups or roles.
Date and Time: When you use any of the date and time conditions, the security policy grants
access to all users for the date or time you specify, unless you further restrict the users by
adding one of the other conditions.
Context Element: You can use the context element conditions to create security policies based
on the value of HTTP Servlet Request attributes, HTTP Session attributes, and EJB method
parameters. WebLogic Server retrieves this information from the ContextHandler object and
allows you to define policy conditions based on the values. When using any of these conditions,
it is your responsibility to ensure that the attribute or parameter/value pairs apply to the context
in which you are using them.
2
Example URL patterns:
URL Pattern
Role Name
/*
/*.jsp
employee
/EastCoast/*
east-coaster
Credentials
Backup settings
Cache settings
Replication settings
Configuring Authentication
Configure how users will be authenticated in your Web application using the <login-config>
element. J2EE provides three types of authentication:
BASIC: A Web browser is used to display a dialog box with fields for a username and
password.
FORM: A specified HTML page, JSP, or servlet is used to display an HTML form with the
username and password text fields. The generated form must conform to a set of specifications.
Use the <form-login-config> element to specify the resource that contains the form.
The <form-error-page> element defines the JSP, servlet, or HTML file to display if the
users credentials are invalid.
CLIENT-CERT: WebLogic Server may receive digital certificates as part of Web Services
requests, two-way SSL, or other secure interactions. To validate these certificates, WebLogic
Server includes a Certificate Lookup and Validation (CLV) framework, whose function is to
look up and validate X.509 certificate chains. The key elements of the CLV framework are
CertPathBuilder and CertPathValidators. The CLV framework requires one and only one active
CertPathBuilder which, given a reference to a certificate chain, finds the chain and validates it,
and zero or more CertPathValidators which, given a certificate chain, validates it.
Configuring Authentication
Authentication Examples
FORM-based
authentication
Authentication Examples
Oracle WebLogic Server supports three types of authentication for Web browsers:
BASIC
FORM
With BASIC authentication, the Web browser displays a dialog box in response to a WebLogic
resource request. The login screen prompts the user for a username and password. The slide shows a
typical login screen.
When using FORM authentication with Web applications, you provide a custom login screen that the
Web browser displays in response to a Web application resource request and an error screen that
displays if the login fails. The login screen can be generated using an HTML page, JSP, or servlet.
The benefit of FORM-based login is that you have complete control over these screens. You can
design them to meet the requirements of your application or enterprise policy or guideline.
The login screen prompts the user for a username and password.
BASIC
authentication
Summary
Objectives
Road Map
Certificates
Configuring SSL
What Is SSL?
The SSL protocol offers security to applications that are connected through a network. Specifically,
the SSL protocol provides the following:
A mechanism that the applications can use to authenticate each others identity
Encryption of the data that is exchanged by the applications
Data integrity, whereby the data that flows between a client and a server is protected from
tampering by a third party
When the SSL protocol is used, the target always authenticates itself to the initiator. Optionally, if
the target requests it, the initiator can authenticate itself to the target. Encryption makes the data that
is transmitted over the network intelligible only to the intended recipient. An SSL connection begins
with a handshake during which time the applications exchange digital certificates, agree on the
encryption algorithms to be used, and generate the encryption keys to be used for the remainder of
the session.
What Is SSL?
Trust:
Certificates of trusted certificate authorities
HTTPS or t3s
Oracle WebLogic Server
Oracle WebLogic Server supports HTTPS with Web browsers that support SSL version 3. Java
clients connect to Oracle WebLogic Server with the SSL protocol tunnel over Oracles multiplexed
t3 protocol. For example:
t3s://myserver.com:7002
Java clients running in Oracle WebLogic Server can also establish either t3s connections to other
Oracle WebLogic Servers, or HTTPS connections to other servers that support the SSL protocol,
such as Web servers or secure proxy servers. Browsers connect securely to Oracle WebLogic Server
by specifying the appropriate protocol (that is, HTTPS) in the requested URL, whereas Java clients
have a variety of options available to them when setting up secure connections. Java clients can use
the SSL libraries in Oracle WebLogic Server to provide the SSL socket or, alternatively, they can use
an SSL provider such as Sun Microsystems Java Secure Socket Extension (JSSE) as the SSL socket.
https://localhost:7002/orderStock
t3s://localhost:7002/useCreditCard
Finally, clients can use another SSL providers implementation to set up a secure connection with
WLS. Sun Microsystems JSSE implementation is a popular choice. JSSE has been integrated into
the Java 2 SDK, Standard Edition (J2SDK), v 1.4. It is a collection of Java packages that allow for
secure Internet communications. It is a Java implementation of the SSL and Transport Layer Security
(TLS) protocols that allow for encryption, authentication (both server and client), and message
integrity. After the client imports the proper packages and initializes the JSSE service, it uses the
standard java.net.HttpURLConnection to create a secure connection.
Clients can also use JNDI to set up an SSL connection (for example, to an EJB). This can be done by
specifying a t3s connection within PROVIDER_URL and strong as the
SECURITY_AUTHENTICATION type when populating the Hashtable object that is used to create
the JNDI InitialContext.
keytool Utility
keytool Utility
The Sun Microsystems keytool utility can also be used to generate a private key, a self-signed
digital certificate for Oracle WebLogic Server, and a Certificate Signing Request (CSR). Submit the
CSR to a certificate authority to obtain a digital certificate for Oracle WebLogic Server.
You can use the keytool utility to:
Update the self-signed digital certificate with a new digital certificate
Obtain trust and identity when using Oracle WebLogic Server in a production environment
For more information about Suns keytool utility, see the keytool Key and Certificate
Management Tool description at http://java.sun.com/j2se/1.5.0/docs/tooldocs/windows/keytool.html.
Note: When you use the keytool utility, specify an algorithm different from the default Digital
Signature Algorithm (DSA) such as RSA because Oracle WebLogic Server does not support DSA.
Certificates from CAs are not always completely compatible. Most of the major CAs allow you to
specify the server vendor to ensure compatibility. For other CAs, specify either the X.509 or PKCS#7
format for the certificate that you receive in response to a CSR that you submit. The JDKs
keytool utility can import X.509 v1, v2, and v3 certificates, as well as the PKCS#7 formatted
certificate chains into a keystore for use by WLS.
Configuring Keystores
Keystores ensure the secure storage and management of private keys and trusted CAs. WebLogic
Server is configured with a default identity keystore (DemoIdentity.jks) and a default trust
keystore (DemoTrust.jks). In addition, WebLogic Server trusts the CA certificates in the JDK
cacerts file. This default keystore configuration is appropriate for testing and development
purposes. However, these keystores should not be used in a production environment.
After you configure identity and trust keystores for a WebLogic Server instance, you can configure
its SSL attributes. These attributes include information about the identity and trust location for
particular server instances.
For purposes of backward compatibility, with WebLogic Server, you can store private keys and
trusted certificates authorities in files or in the WebLogic Keystore provider. If you use either of
these mechanisms for identity and trust, select the Files or Keystore Providers (Deprecated) option on
the Configuration: SSL page.
Configuring Keystores
Road Map
WLS Security Architecture overview
Users and groups
Protecting application resources
Protecting communications
Protecting against attacks
Types of attacks
Protecting against man-in-the-middle attacks
Protecting against denial of service (DoS) attacks
Protecting against large buffer attacks
Protecting against connection starvation
Client
Man-in-the-Middle Attacks
When you use SSL, servers that do not use a certificate signed by a trusted CA are vulnerable to the
man-in-the-middle attacks.
If a client accepts the attackers certificate, the man-in-the-middle can decrypt and forward the
traffic to and from the real destination host and monitor it.
Man-in-the-Middle Attacks
Man-in-the-Middle: Countermeasures
A Hostname Verifier is useful when an Oracle WebLogic Server or a WebLogic client acts as an SSL
client to another application server. It prevents the man-in-the-middle attacks.
By default, Oracle WebLogic Server, as a function of SSL handshake, compares the common name
in SubjectDN of the SSL servers digital certificate with the host name of the SSL server that is
used to initiate the SSL connection. If these names do not match, the SSL connection is dropped. The
dropping of the SSL connection is caused by the SSL client, which validates the host name of the
server against the digital certificate of the server.
If anything but the default behavior is desired, you can either turn off host name verification or
register a custom Hostname Verifier. Turning off host name verification leaves Oracle WebLogic
Server vulnerable to the man-in-the-middle attacks.
Note: Turn off host name verification when you use the demo digital certificates that are shipped
with Oracle WebLogic Server. You can turn off host name verification in the following ways:
In the Administration Console, select the Hostname Verification Ignored attribute under the
SSL tab on the Server node.
On the command line of the SSL client, enter the following argument:
-Dweblogic.security.SSL.ignoreHostnameVerification=true
Man-in-the-Middle: Countermeasures
where hostnameverifier is the name of the class that implements the custom
Hostname Verifier.
Connection Filter
Using the Administration Console, access the domain (top) node in the navigation panel.
1. Click the Security > Filter tab.
2. After adding Filter Rules, click Save.
3. In the Connection Filter field, specify the connection filter class to be used in the domain.
To configure the default connection filter, specify
weblogic.security.net.ConnectionFilterImpl.
To configure a custom connection filter, specify the class that implements the network
connection filter. This class must also be present in CLASSPATH for Oracle WebLogic
Server.
Connection Filter
Connection Starvation
Another way that individuals can try and harm a Web site is by sending small, incomplete messages
to the server. The server then waits for the completion of the message, in effect unduly burdening the
server. Oracle WebLogic Server enables administrators to set a threshold for the time Oracle
WebLogic Server will wait for the completion of the message. The administrator sets the time-out
feature in the Administration Console and any connections that are still waiting for the completion of
the message longer than this limit are canceled.
Connection Starvation
Connection Starvation
User Lockout
User Lockout
Password guessing is a common type of security attack. In this type of attack, a hacker attempts to
log in to a computer by using various combinations of usernames and passwords. Oracle WebLogic
Server provides a set of attributes to protect passwords and user accounts in a security realm.
Unlocking Users
If a user unsuccessfully attempts to log in to a WebLogic Server more than the configured number of
retry attempts, they are locked out of further access. The Unlock User page allows you to unlock a
locked user so that they can log in again.
Note: If a user account becomes locked and you delete the user account and add another user account
with the same name and password, the User Lockout attribute will not be resetthat is, the added
user may remain in the lockout status.
Unlocking Users
Answer: 3.
Quiz
Quiz
Answer: 2.
Summary
Objectives
Scenario
As the middleware administrator, you need to plan a reasonable backup strategy that balances
risk against inconvenience. Backing up once a month is too infrequent, whereas once an hour is
too frequent, so what is the right balance? Given that you will do far more backups than
recoveries, a plan that favors backup by shortening the time to create the backups at the expense
of lengthening and complicating the recovery might be worth trying. Given that different backup
strategies cause different kinds of recoveries, you plan to time how long it takes to do a recovery
to help create service-level agreements (SLA).
Note the distinction between restore and recover: restore is a pure file system copy operation,
whereas recovery is restore plus some extra operations.
Objectives
Road Map
Backup
Full
Incremental
Recovery
Online
Offline
Instance I
Admin server C
Managed
server D
Application
F
Web Cache
K
config.xml
Managed
server E
Node
Manager N
Application
F
Database L
Metadata M
OS
JMS appl
G
SOA appl
H
Persistent
store O
Persistent
store P
Administration
Console
HTTP
server J
J. Oracle HTTP Server: Based on the Apache 2.2.10 infrastructure, this includes modules
developed specifically by Oracle. The features of single sign-on, clustered deployment,
and high availability enhance the operation of Oracle HTTP Server.
K. Web Cache: Because this is a cache, there is no permanent data to back up or recover, but
there are configuration files and logs. Because there is no live data that you care about, the
backup can be performed online. There is no need to worry about consistency or run-time
artifacts.
L. Database: Assuming this is an Oracle database, the backup tool is Recovery Manager
(RMAN), capable of performing online backups and automated recovery to either any
point in time or a complete recovery. A Flashback log (if configured) also provides a
rolling recovery window. If the environment permits offline backup, after the processes are
all stopped, a simple OS copy of all files will work. RMAN tasks are typically performed
by the DBA and are outside the scope of this course.
M. Metadata: Required for SOA, this is created by RCU. Use the database tools for backup
and recovery.
N. Node Manager: One per host, the Node Manager can autorestart managed servers that
fail.
O. Persistent store: This is an OS file that could contain JMS transactions.
P. Persistent store: This is a database schema that could contain JMS transactions. Use the
database tools for backup and recovery.
Static artifacts: The program binaries do not change very often. Their backup schedule might
be only after patches, monthly, or even longer.
Run-time artifacts: These objects change frequently, even multiple times per second in the case
of logs. Configuration objects may change several times per day, though typically they remain
unchanged for long periods of time.
Persistent stores: These objects may change very frequently, even hundreds of times per
second, depending on the volume of data traffic. A high-performance solution may be required
so as to not lose data.
<ORACLE_HOME>
<MW_HOME>
<JAVA_HOME>
one of many
<WL_HOME>
/u01/app/oracle
/instances/config/OHS
/oradata
/oraInventory
/product
/db/11.1.0/orcl
/fmw/11.1.0
/jrockit_160_xxx
/webtier
/wlserver_10.3
/user_projects
/applications
/domains
Recovery
Unscheduled (usually)
At least annually (if
only to test procedures)
Not necessarily the reverse of
backup, may be new tools
Backup
Scheduled
At least weekly
(to capture logs)
Different tools for different
components
Backup and recovery policies may impact your business both financially and in terms of
availability (required maintenance windows).
Types of Backups
Online
Nondisruptive
Possibly inconsistent
Can be tricky, especially for database
Offline
Requires all processes be stopped
Very easy
Full
Easier to recover
Slower to create
Incremental
Harder to recover
Faster to create
Copyright 2009, Oracle. All rights reserved.
Types of Backups
Online
If your environment requires 24x7 availability, you have no choice but to perform an online
backup. Different components require different tools to perform online (also known as hot or
inconsistent) backups. Inconsistent is not bad in itself; it just means that if the backup takes an
hour to complete and you start at 1:00 AM, the files at 1:02 AM will be in a different state than
those backed up at 1:59 AM. To accommodate this, there needs to be some kind of online
transaction log recording the changes occurring from 1:00 AM until 2:00 AM. This log needs to
be incorporated into the recovery, and the logs themselves get backed up at a different time
(usually, after they rotate).
Offline
If you can afford to shut down the entire middleware tier (application servers, database, Web
servers, and so on) for maintenance during some regularly scheduled time, an offline (also
known as cold or consistent) backup is very simple. Using OS tools such as TAR or ZIP, the
backup is guaranteed to be consistent. Make sure you preserve file permissions on UNIX
systems.
Backup Recommendations
The initial software installation and most patches and upgrades require the servers to be offline
anyway, so before and after the patches and upgrades is a good time to perform backups.
Many of the online configuration backups can be automatic by enabling configuration archive
(discussed in the following slides).
The database should be in archivelog mode and then backed up with RMAN. In addition, the
database should be configured with redundant critical files (for example, control files) and
multiplexed critical logs (for example, redo logs). As an added high availability measure, the
database can be made completely redundant by using RAC.
Backup Recommendations
There may be more sophisticated options to exclude /tmp/ files and to include parts of other
applications, but this will do as a start. The sequence number 1, 2, 3, might be replaced with the
date_time in the name of the TAR file. If the directories are backed up from the root, you do not
need to worry about where to recover them to; that information will be part of the backup.
Disabled
by default
Stop the Web tier (Oracle HTTP Server and Oracle Web
Cache):
opmnctl stopall
opmnctl status
Store it offsite.
Road Map
Backup
Recovery
Directories to Restore
Binaries
Be mindful of preserving group ownership and permissions.
This should be read-only for most users.
Configurations
Logs are:
Not required for recovery
Created if they do not exist
Data
Database restores data within tablespaces, not directories.
RMAN restore brings data up to the last backup,
then recover brings data up to a later point in time.
Copyright 2009, Oracle. All rights reserved.
Directories to Restore
In most cases, recovery is performed offline. If you think that only one or two files are missing,
you may be tempted to recover only those individual files from the system. But, instead, you
should always recover whole directories because there may be other files that are related to these
files.
If the directories were backed up from the root, you do not need to worry about where to recover
them to. The full path information will be provided to the operating system because it is
contained in the backup. Restore them as the root user, from the root directory, and they will
go back to their correct hierarchies. Do not forget the p switch in the tar or jar command to
get the original owner and group information correct.
Data loss
User error
Malicious attack
Corruption of data
Media failure
Application failure
Recovery of Homes
Make sure that all Fusion Middleware software is stopped so that this is an offline recovery. The
most important rule in problem resolution is: Do not make the problem worse. By performing
the two extra backups, you guarantee that you can at least put everything back to the way it was
before you tried to help.
Assume that the last good backup was sequence number 9. As an example, here is how to
recover a damaged Instance home:
In the Administration Console, shut down all servers including the administration
server:
opmnctl stopall
In SQL*Plus, shut down the database cleanly, that is, using immediate:
lsnrctl stop
tar zcvpf mycheckpoint.tar /u01/app/oracle
tar zxvpf myinstance09.tar
tar zcvpf myfullbackup10.tar /u01/app/oracle
lsnrctl start
Recovery of Homes
Enabled
by default
Managed
ServerA
192.168.0.11
NEW
AdminServer1
192.168.0.2
Managed
ServerB
192.168.0.12
Managed
ServerC
192.168.0.13
Recovery of a Cluster
All the methods require stopping the cluster itself using WebLogic Scripting Tool (WLST) or the
Administration Console. The first two methods do not require stopping any other processes,
which means that it can be an online recovery. The remaining methods require stopping all
processes and performing an offline recovery.
Recovery of a Cluster
Answer: 2
To be consistent, the Middleware software must be completely stopped.
Quiz
Answer: 1
In a hot backup, the files are inconsistentthat is, some files may have different time stamps
and need to be reconciled via a transaction log.
Quiz
Quiz
Answer: 3
In TAR, use the p option to preserve the permissions.
Quiz
Answer: 2
You need to enable the configuration archive by selecting Domain > Configuration > General >
Advanced.
Answer: 4
You can have only one administration server at a time; the backup administration server must be
cold.
Quiz
Summary
Practice 20 Overview:
Backing Up and Restoring Configuration and Data
Appendix A
Practices and Solutions
Table of Contents
Big Picture:
Although all the host names are identical, the numbered designators (including host
aliases) are unique. There is no obvious correlation between the PC number and the VX
number and the IP addresses.
Lab Familiarity
3) From your Windows Start menu, select Start > All Programs > NX Client for
Windows > NX Connection Wizard. The Welcome page appears.
4) Click Next.
5) On the Session page, in the Session field, enter any name to identify this sessionfor
example, WLS-Labs or your own name.
6) In the Host field, enter the host name given to you by the instructor. Leave all the
other values and settings as the defaults. Click Next.
7) On the Desktop page, select GNOME in the second drop-down list. Change the size
of the remote desktop to 1024x768. Click Next.
Field
Host name
Host IP address
Username
User password
b) For your convenience, you can invoke different applications to full screen on each
desktop appropriately.
i) You can invoke a Gnome terminal on the first desktop by using the Terminal
icon on the desktop.
ii) Invoke a Web browser on the second desktop by using the icon on the menu
bar.
a) You will notice four palettes at the bottom right of your remote machine. Each of
them represents a desktop on the remote machine.
11) Oracle Database 11g and Oracle HTTP Server 11g have already been installed and
configured in your remote machine. Using the File Browser desktop on the remote
machine, navigate through the installation and configuration directories.
a) On the desktop, with File Browser, navigate the File System tree to the
/u01/app/oracle/product/db/11.1.0/orcl folder. This folder is the
ORACLE_HOME folder for the database. The database executables are in this
folder.
iii) Invoke a file browser in the third desktop by using Applications > System
Tools > File Browser.
12) Using the Gnome terminal session, perform the following steps to get familiar with
the scripts that you will use in the practices.
a) The wls-sysadm folder contains all the scripts and applications that you will use
in the practices for this course. Navigate to the wls-sysadm subfolder in your
$HOME folder (/home/oracle) and list the files in this folder:
ii) If the preceding command does not return the ora_pmon_orcl row, you
need to start the database using the start_db.sh script in the wls-sysadm
subfolder:
$ wls-sysadm> ./start_db.sh
13) Close the NX Client window. Click Disconnect. This allows you to resume where
you left off the next time. Note that if you click Terminate, you may have to set up
your remote desktop environment (in the preceding step 10) again.
14) In later labs, you will be able to use the local Web browser as well as the remote Web
browser for accessing the WebLogic Server Administration Console.
$> cd /home/oracle/wls-sysadm
$ wls-sysadm> ls
Choices or Values
Click Next.
Select Create a new Middleware Home.
In Middleware Home Directory, enter
/u01/app/oracle/product/fmw/11.1.0,
c.
d.
e.
f.
g.
h.
i.
Installation Complete
$> ./wls1031_ccjk_linux32.bin
c) Similarly, locate common > bin in <WL_HOME> and view the list of
configuration scripts.
2) Using the remote desktop with Gnome Terminal, view the setWLSEnv.sh script to
see which environment variables are set. Then run the script and verify that the
variables are appropriately set.
b) Run the following script: (Use source to ensure that the variables are set for the
entire session and not just within the script shell itself.)
$> source ./setWLSEnv.sh
$WL_HOME
$MW_HOME
$JAVA_HOME
$ANT_HOME
This makes navigating the directories much faster and less prone to typographical
errors. You use this script to set your environment variables for every lab from
this point forward. It needs to be done only once per session.
Big Picture:
Configuring a Domain
1) Using the Configuration Wizard, configure a domain with the following parameters:
Screen/Page
Description
Domain Name
Location
Administrative User
name / password
Start Mode / JDK
Name of
Administration Server
Managed Servers
Choices or Values
testDomain
/u01/app/oracle/user_projects/domains/
weblogic/Welcome1
Production Mode/JRockit
testAdminSvr
testServer
b) Specify the following values on the Configuration Wizard pages. Note that most
values are case-sensitive:
Big Picture:
d. Configure
Administrator User
name and Password
e. Configure Server
Start Mode and JDK
f. Select Optional
Configuration
g. Configure the
Administration
Server
h. Configure Managed
Servers
i. Configure Clusters
j.
Configure Machines
k. Configuration
Summary
l.
Creating Domain
Choices or Values
Select Create a new WebLogic domain. Click Next.
Do not select any other component. Basic WebLogic Server
Domain is already selected. Click Next.
In Domain name, enter testDomain. All names are casesensitive.
In the Domain location, change it to
/u01/app/oracle/user_projects/domains. The idea
is to separate configuration data from the executables. If the
directory does not exist, create it.
User name: weblogic
User Password: Welcome1
Confirm password: Welcome1
Description: (leave the default)
Click Next.
Select Production Mode. Click Next.
Select Administration Server and Managed Servers, Clusters
and Machines. Click Next.
Change the name to testAdminSvr. Click Next.
Click Add. Change the name to testServer1. Click Next.
There will not be any clusters on this simple domain. Click
Next.
There will not be any machines on this simple domain. Click
Next.
Notice the two servers that you renamed. Everything should
have a prefix of test. See the following screenshot. Click
Create.
Screen/Page
Description
a. Welcome
b. Select Domain
Source
c. Specify Domain
name and Location
c) You have now finished creating the test domain, and you will not need it for the
rest of the class.
b) View config.xml in the config subfolder. This file contains the specifications
for the domain that you just configured. Look for the names testDomain,
testAdminSvr, and testServer1. Note the listen ports and the encrypted
password values.
1) Using the Configuration Wizard, configure a domain with the following parameters:
Screen/Page Description
Domain Name
Location
Administrative User name /
password
Start Mode / JDK
Administration Server
Managed Servers
Machines
Choices or Values
MedRecDomain
/u01/app/oracle/user_projects/domains/
weblogic/Welcome1
Production Mode/JRockit
MedRecAdmSvr Port 7020
Big Picture:
c.
Choices or Values
Select Create a new WebLogic domain. Click
Next.
Do not select any other component. Basic
WebLogic Server Domain is already selected.
Click Next.
In Domain name, enter MedRecDomain. All
names are case-sensitive.
In the Domain location, change it to
d.
Configure Administrator
User name and Password
e.
f.
g.
h.
Configuration Summary
Click Next.
User name: weblogic
User Password: Welcome1
Confirm password: Welcome1
Description: (leave the default)
Click Next.
Select Production Mode. Click Next.
Select Administration Server and click Next.
Change the name to MedRecAdmSvr. Change the
Listen port to 7020. Leave SSL disabled. Click
Next.
Notice the administration server. Everything
should have a prefix of MedRec. Click Create.
i.
j.
Creating Domain
3) Navigate to the domain that you just created. List the files and folders just created:
$> cd /u01/app/oracle/user_projects/domains/MedRecDomain
$> ls -l
/u01/app/oracle/user_projects/domains.
4) View the config.xml file in the config subfolder. This file contains the specifications
for the domain that you just configured. Look for the names MedRecDomain and
MedRecAdminSvr. Note the listen ports and the encrypted values.
c.
d.
e.
f.
g.
h.
Select Extension
Source
Choices or Values
Select Extend an existing WebLogic domain. Click Next.
Navigate to /u01/app/oracle/user_projects
/domains/MedRecDomain. Note that the valid targets have a
blue jar icon on the folders. Click Next.
Select Extend my domain using an existing extension
template. Enter /home/oracle/wlssysadm/labs/Lab05/MedRecResources.jar as the
location (or you can browse to it). Click Next.
Accept the defaults and click Next. Ensure that the database is
running.
If the test is successful, click Next.
Configuration
Summary
These are the same screens you saw earlier when you created
MedRecDomain, so there is no need to do anything additional.
Click Next.
The Deployment view shows all the applications and libraries
that have been deployed. The administrator did not have to
know anything about them; it was all included in the template.
Click Extend.
Step Screen/Page
Description
a.
Welcome
b.
Select a WebLogic
Domain Directory
Step Screen/Page
Description
Choices or Values
i.
Creating Domain
3) Use the Start MR Admin icon on the desktop to start the administrative server of
MedRecDomain. Enter the username (weblogic) and password (Welcome1) in the
Admin Server terminal window. Make sure that the last message is <Server started
in RUNNING mode>.
a) Stop the administration server by running stopWebLogic.sh from the bin
folder of the domain.
$> cd
/u01/app/oracle/user_projects/domains/MedRecDomain/bin
$> ./stopWeblogic.sh
Big Picture:
b) Log on with weblogic as the username and Welcome1 as the password. If the
browser offers to remember the password, click Yes.
3) In a gnome terminal session, use the /sbin/ifconfig command to find the IP
address assigned to the Ethernet adapter 0. It should be a private address in the form
10.x.y.z. For example:
4) On the Windows (local) desktop, open a Web browser (you can use Internet Explorer
or Firefox) and access the URL http://10.x.y.z:7020/console, where 10.x.y.z is the
address you found in the previous step. Log on with weblogic as the username and
Welcome1 as the password. If the browser offers to remember the password, click
Yes. Bookmark this page. Note that two people can sign on at the same time with the
same username.
The Home page gives yet another way to get to the same Summary of Servers page.
Click Servers in the middle of the Home page.
8) You can refresh the entire Web page just as you would with any browser, or you can
set some tables to autorefresh. On the Summary of Servers table, there is a cycle
that will make the table refresh repeatedly. Click the symbol. While
symbol
refreshing, the cycle icon spins and the last refresh date/time is displayed. Click it
again to make it stop.
9) In the Domain Structure, click MedRecDomain. There are two levels of tabs shown.
10) Scroll down in the Settings for MedRecDomain > Configuration > General. At the
bottom of many pages is an Advanced toggle
. By clicking it, you can
see an additional set of configuration parameters. Clicking it again will hide the
advanced options.
2) In the Change Center, click Lock & Edit again. Change the Rotation file size 5001
back to 5000. Click Save. Do not activate anything.
3) In the Change Center, click View changes and restarts. Here, you can selectively
undo changes. Click Undo All Changes.
b) Click the Logging tab. Note that the Rotation file size 5000 is disabled.
$ cd
/u01/app/oracle/product/fmw/11.1.0/wlserver_10.3/server/bin
$ source ./setWLSEnv.sh
b) Invoke WLST as follows: (Remember that the Java executables are casesensitive.)
$ java weblogic.WLST
d) Browse using UNIX-like commands. You should see the administration server
and the two managed servers:
wls:/MedRecDomain/serverConfig> cd('Servers')
wls:/MedRecDomain/serverConfig/Servers> ls()
dr-MedRecAdmSvr
dr-MedRecSvr1
dr-MedRecSvr2
wls:/MedRecDomain/serverConfig/Servers>
e) Back up a level and see what else is at the same level as Servers. You will see
several items. Scroll to look at the list. Items flagged with a leading d are
directories that you can cd (change dir) to. Items flagged with r are readable
attributes that you can view:
wls:/MedRecDomain/serverConfig/Servers> cd ('../')
wls:/MedRecDomain/serverConfig> ls()
dr-AdminConsole
dr-AppDeployments
dr-BridgeDestinations
dr-Clusters
dr-CustomResources
dr-DeploymentConfiguration
f) Get the status of MedRecServer2 Startup Mode. It should say RUNNING. You can
retrieve other information from this server.
a) Open a terminal session on the Linux desktop. To ensure that the environment
variables are set, run the setWLSEnv.sh script from your WL_HOME/server/bin
folder.
2) Change the value of the Rotation file size from 5001 to 5002 using WLST.
edit()
startEdit()
cd('/Servers/MedRecAdmSvr/Log/MedRecAdmSvr')
get('FileMinSize')
cmo.setFileMinSize(5002)
get('FileMinSize')
save()
activate()
disconnect()
exit()
If you disconnected before saving, the change is not committed. The stepssave,
activate, disconnect, and exitare common to all configuration scripts.
wls:/MedRecDomain/serverConfig/Servers/MedRecSvr2> edit()
Location changed to edit tree.
wls:/MedRecDomain/edit> startEdit()
Starting an edit session ...
wls:/MedRecDomain/edit !>
cd('/Servers/MedRecAdmSvr/Log/MedRecAdmSvr')
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r !> get('FileMinSize')
5001
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r !> cmo.setFileMinSize(5002)
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r !> get('FileMinSize')
5002
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r !> save()
Saving all your changes ...
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r !> activate()
Activating all your changes, this may take a while ...
wls:/MedRecDomain/edit/Servers/MedRecAdmSvr/Log/MedRecAdmSv
r> disconnect()
Disconnected from weblogic server: MedRecAdmSvr
wls:/offline> exit()
a) Use the following WLST commands sequence: (Note the use of directory paths.)
Big Picture:
Step
a.
b.
c.
d.
Property Name
Server Name
Server Listen Address
Server Listen Port
Cluster
Choices or Values
MedRecSvr3
(leave it blank)
7025
None (Standalone)
Choices or Values
Server Name: MedRecSvr3
Server Listen Address:
(leave blank)
Server Listen Port: 7025
Select No, stand-alone server.
Click Next.
Review Choices
Click Finish.
By leaving Listen Address blank, you can use any name in a URL that resolves to
the same host regardless of the IP address.
f) In the Change Center, click Activate Changes.
2) Similarly, create the MedRecSvr4 managed server using the Administration Console
with the following properties:
Property Name
Server Name
Server Listen Address
Server Listen Port
Cluster
Choices or Values
MedRecSvr4
(leave it blank)
7027
None (Standalone)
1) Using the Administration Console, create a new managed server with the following
properties:
Review Choices
Choices or Values
Server Name: MedRecSvr4
Server Listen Address: wls-sysadm
Server Listen Port: 7027
Select No, stand-alone server.
Click Next.
Click Finish.
b) Each server session prompts for the username and password. Enter the values, and
then each session should eventually indicate that the corresponding server is
running as the message <Server started in RUNNING mode> appears.
5) Shut down MedRecSvr2 from the command line and MedRecSvr3 by using the
Administration Console
a) In your gnome terminal, navigate to the bin folder of your domain and run
stopManagedWebLogic.sh as follows:
$> cd
/u01/app/oracle/user_projects/domains/MedRecDomain/bin
$> ./stopManagedWebLogic.sh MedRecSvr2
b) In the Administration Console, access the Summary of Servers page. Click the
Control tab.
c) Select MedRecSrv3. Click Shutdown, and then from the drop-down menu, select
Force Shutdown Now. Acknowledge you want to do this by clicking Yes.
d) Check the tab running the process for MedRecSvr3. It should have stopped.
e) Refresh the Summary of Servers table and now MedRecSvr1 should still be
RUNNING, and MedRecSvr2 and MedRecSvr3 should both be SHUTDOWN.
c) Back in the Administration Console, refresh the Summary of Servers table and
verify that MedRecAdmSvr, MedRecSvr1, MedRecSvr2, and MedRecSvr 3 are
all RUNNING, and Health is OK.
a) In your gnome terminal session, ensure that the environment variables have been
set. You make a quick check using the following command:
$> env | grep JAVA
JAVA_USE_64BIT=
JAVA_OPTIONS= -Xverify:none
JAVA_VENDOR=Oracle
JAVA_HOME=/u01/app/oracle/product/fmw/11.1.0/jrockit_160_05
_R27.6.2-20
JAVA_VM=-jrockit
If JAVA parameters do not appear, you can execute the setWLSEnv.sh script
to set the environment variables.
b) Enter the following code to create the managed server:
java weblogic.WLST
connect('weblogic','Welcome1','t3://wls-sysadm:7020')
edit()
startEdit()
cmo.createServer('MedRecSvr4')
cd('/Servers/MedRecSvr4')
cmo.setListenAddress('wls-sysadm')
cmo.setListenPort(7027)
activate()
disconnect()
exit()
Property Name
Server Name
Server Listen Address
Server Listen Port
Cluster
Big Picture:
b) In the Administration Console, in the Change Center, click Lock & Edit. You will
need to click Lock & Edit each time before any change to the configuration.
c) In Domain Structure, navigate to MedRecDomain > Environment > Machines.
Click New.
d) In Name, enter MedRecMch1. In Machine OS, select Unix from the drop-down
menu. Click OK.
e) On Summary of Machines, click MedRecMch1. Click the Configuration >
Servers tab. Click Add.
f) On the Identify Server page, from the Select a server drop-down list, select
MedRecSvr1 and click Next.
g) On the Summary of Machines page, click Add. On the Identify Server page, from
the Select a server drop-down list, select MedRecSvr2 and click Finish.
h) In the Change Center, click Activate Changes. This adds the servers to a new
machine.
i) Using steps d through f, create the MedRecMch2 machine and assign
MedRecSvr3 to it. Click Lock & Edit as necessary.
j) In the Administration Console, refresh the Summary of Servers table. Now all
managed servers should be associated with a machine.
a) If the MedRecAdmSvr server is not running, start it by using the Start MR Admin
icon on the desktop. If any of the managed servers are running, stop them by
using the Console or stopManagedWebLogic as covered in the previous lab.
a) In the Change Center, click Lock & Edit. Then navigate to MedRecDomain >
Environment > Machines. Click MedRecMch1.
b) Click the Node Manager tab and select Plain from the Type drop-down list. Set
Listen Address to wls-sysadm and click Save.
1) By default, the Node Manager communicates with the administration server over
Secure Sockets Layer (SSL) connections. However, the administration server is not
yet configured with secured connections. So reconfigure the Node Manager to use
plain communication.
b) In the Change Center of the Administration Console, click Lock & Edit. In
Domain Structure, navigate to MedRecDomain > Environment > Servers. Click
MedRecSvr1. Navigate to the Configuration > Server Start tabs.
c) Copy and paste the $JAVA_HOME information from the gnome terminal session
window into the Java Home field on the Settings for MedRecSvr1 page.
d) Copy and paste the $CLASSPATH information from the Linux terminal session
window into the Class Path field on the Settings for MedRecSvr1 page.
Both these pieces of information will be pasted into the browser window.
4) Start the Node Manger because you have reconfigured it using plain mode of
communication.
a) In a gnome terminal session, go to $WL_HOME/server/bin and start the Node
Manager using the following command:
$> gnome-terminal -title "Node Manager" e
"./startNodeManager.sh wls-sysadm 5556"
At least MedRecDomain should be in the list, there may be other domains as well.
b) Select MedRecSvr1 and click Start. Click Yes to start the server. The State
changes from UNKNOWN to STARTING. You can refresh the table by clicking the
cycle
icon or by selecting MedRecDomain > Environment > Servers.
c) Note that you no longer have a terminal session displaying the server log. Note
that the Node Manager terminal output indicated that it was creating several
directories and files for the managed server MedRecSvr1.
2) Using WLST, start the MedRecSvr2 server.
$> java weblogic.WLST
wlst/connect('weblogic','Welcome1','wls-sysadm:7020')
cd('/Servers')
ls()
start('MedRecSvr2')
exit()
You should see a series of dots as a progress bar, and then the message:
Server with name MedRecSvr2 started successfully
3) Verify that the MedRecSvr1 and MedRecSvr2 servers are started properly by viewing
their State in the Administration Console. The State should be RUNNING and Health
should be OK.
Big Picture:
Each server (both the administration and managed varieties) generates logs of activity. In
addition to the server logs, there are HTTP logs, JMS logs, JDBC logs, and application
logs. The server logs are stored locally and some of the information can also be
forwarded to a domain log at the administration server. You filter the traffic from
MedRecSvr3 to only send more severe JDBC errors. Lastly, you look at the kinds of logs
available and look at the domain log in particular. The key tasks are:
Configuring logging parameters
Examining log entries
e.
f.
Screen/Page Description
Log Filter Properties
Log Filters
Config Log Filter Expressions
Add Expression (By default Notice
and Warning, messages are also
logged. Using this filter you
restrict the amount and kind of
messages forwarded.)
Config Log Filter Expressions
Add Expression
Choices or Values
Name: SevereJDBC. Click OK.
Click SevereJDBC.
Click Add Expressions.
Message Attribute: SEVERITY
Operator: =
Value: ERROR
Click OK.
b) Examine the domain log. Most of the messages are related to the starting and
stopping of the servers and are of the severity Notice. Still, there seems to be
many more lines in the file than on the Administration Console. Why?
3) In the Administration Console, change the time interval for logging and verify the
logs.
a) Back in the Administration Console, view the Domain Log again. Click
Customize this table. Change the Filter Time Interval from the default Last 5
minutes to Last 1 week(s). Click Apply.
b) Now there should be several entries to look at.
c) See if this time filter change altered the number of entries shown on ServerLog as
well.
Type of Logs
Big Picture:
Deploying Applications
Choices or Values
Navigate to /home/oracle/wlssysadm/labs/Lab11. Select jsf1.2.war. Click Next.
b) Use the start_nm.sh script in a gnome terminal to start the Node Manager.
c.
d.
Optional Settings
e.
f.
g.
Choices or Values
Note that the Assistant knows that jsf is a
library, and not an application. Click Next.
Select the MedRecSvr1 server as the target.
Click Next.
c) In Domain Structure, click Deployments. In Change Center, click Lock & Edit.
Click Install.
d) In the Install Application Assistant, complete the following steps for deploying
the JSTL library class:
Step Screen/Page Description
a.
Locate deployment to install and
prepare for deployment
b.
c.
d.
Choices or Values
Navigate to /home/oracle/wlssysadm/labs/Lab11. Select jstl1.2.war. Click Next.
Note that the Assistant knows that jstl is a
library, and not an application. Click Next.
Select MedRecSvr1. Click Next.
You have already seen the screens here and
you need not change anything. As a shortcut,
f.
Final step.
Choices or Values
click Finish to accept the defaults.
If you are not going to add any notes, then
you do not have to save. Note at the bottom
of the page that no applications reference
this library yet.
Click Activate Changes.
4) On the Deployments page, you should now see jsf and jstl deployed and are active.
Unlike application deployments, libraries do not need to be started; they are already
started. To verify this, select jsf and select Start > Servicing all requests. A warning
message appears indicating that this is not necessary and will be ignored.
c.
d.
e.
Change Center
Choices or Values
Navigate to /home/oracle/wlssysadm/labs/Lab11. Select
medrec.ear. Click Next.
Note that the Assistant knows that Medrec is
an application versus a library. This is
different from jsf and jstl that you created
previously. Click Next.
Select MedRecSvr1. Click Next.
You have already seen the screens here and
you need not change anything. As a shortcut,
click Finish to accept the defaults. Note that
State is distribute Initializing.
Click Activate Changes. Note that State is
now Prepared.
2) Optionally, you can click the plus next to Medrec and see the pieces of the EAR that
were deployed. Click the minus sign to shrink it.
3) Deploy the Benefits application on MedRecSvr2.
a) In the Administration Console, in Domain Structure, navigate to Deployments. In
Change Center, click Lock & Edit. In Deployments, click Install.
b) In the Install Application Assistant, complete the following steps for the Benefits
deployment:
Step Screen/Page Description
a.
Locate deployment to install and
prepare for deployment
b.
c.
d.
Optional settings
Choices or Values
Navigate to /home/oracle/wlssysadm/labs/Lab11. Select
benefits.war. Click Next.
Note that the Assistant knows that Benefits
is an application versus a library. Click Next.
Select MedRecSvr2. You are allowed to
have more than one application per server,
but for this lab, you are spreading them
around. Click Next.
You have already seen the screens here and
you need not change anything. As a shortcut,
b) In the Install Application Assistant, complete the following steps for deploying
Medrec applications:
Change Center
Choices or Values
click Finish to accept the defaults. Note that
the State is distribute Initializing.
Click Activate Changes. Note that State is
now Prepared.
4) Optionally, you can click jsf and observe that at the bottom, there is now a list of
dependent applications that reference this library. Medrec requires the jsf library,
whereas Benefits does not.
Do not spend more than a minute here because several key components are not
implemented yet. Bookmark this URL.
If the server was in development mode and autodeploy was active (which is not the
case), then this change of time stamp would be enough to trigger a redeployment. For
your environment, you must explicitly redeploy.
a) Go to a Linux terminal session and navigate to ~/wls-sysadm/labs/Lab11,
and enter touch benefits.war to change the time stamp to now.
b) In the Administration Console, in Change Center, click Lock & Edit.
c) In Domain Structure, navigate to MedRecDomain > Deployments. Select benefits
and click Update.
d) Click Finish.
If you had the old and new WAR files in the /old and /new directories, you could
change the paths here. In your case, nothing has moved. State is now deploy
Initializing.
e) In Change Center, click Activate Changes. State is now Active.
This was a rather ungraceful way of performing an update. Perhaps more graceful
would be to stop the Benefits application first and then update. You can choose Force
Stop Now or when work completes, depending on your situation.
4) Suppose a new version of the Benefits application is released. Deploy the new version
of the Benefits application.
1) Start Oracle HTTP Server that is installed and configured, and note the port number
for Oracle HTTP Server.
a) Click the Start OHS icon on your desktop.
b) Run the status_ohs.sh script in the ~/wls-sysadm folder and note the port
beside http in the last line:
In this practice, you redirect requests for the Benefits and Medrec applications via a Web
server. Instead of the explicit URLs used before (which will still work), all references to
those applications will be routed through Oracle HTTP Server. By configuring
mod_wl_ohs.conf, you will be redirected to the following addresses:
http://wls-sysadm:7777/medrec to http://wls-sysadm:7021/medrec
http://wls-sysadm:7777/benefits to http://wls-sysadm:7023/benefits
In real life, the OHS, medrec, and benefits servers may be on different hosts.
If you do not like editing the file, you can copy the mod_wl_ohs.conf file from
the ~/wls-sysadm/labs/Lab12 folder to /u01/app/oracle/instances/config/OHS/ohsa.
3) Verify accessing Medrec and Benefits applications through OHS.
a) Stop and start OHS to give effect to the changed mod_wls_ohs configuration
by using the Stop OHS and Start OHS icons on the desktop.
Note that you are accessing two different back-end application servers using a single
front-end OHS.
4) Now delete the Benefits application.
a) In Change Center, click Lock & Edit. Then navigate to the Deployments page.
b) Select the Benefits application and try to delete it while it is still in an active state.
This will fail. You are warned that you cannot delete an application while it is
running (active).
c) Select benefits again, select Stop > Force Stop Now, and click Yes.
d) Select benefits now and click Delete. Click Yes to delete Benefits.
b) The only way to remove jsf is to remove Medrec first, or to remove both jsf and
Medrec at the same time.
Big Picture:
cd /u01/app/oracle/product/fmw/11.1.0/wlserver_10.3/server/bin
source ./setWLSEnv.sh
3) You cannot redeploy an application with the same name from two different locations
such as /Lab11 and /Lab12, so you need to undeploy the old benefits that was from
/Lab 11. Type all on one line (with no line breaks):
java weblogic.Deployer -adminurl t3://wls-sysadm:7020
-username weblogic -password Welcome1 -name benefits
-undeploy
4) Deploy the application using WLST by entering the following without any line
breaks:
java weblogic.Deployer -adminurl t3://wls-sysadm:7020
-username weblogic -password Welcome1 -name benefits
-deploy benefits.war -targets MedRecSvr2
When you use the Deployer, it sets up Edit and Activate internally.
5) Open a Web browser and clear its cache by going to Tools > Clear Private Data.
Deselect Browsing History and select Cache and Authenticated Sessions. Click Clear
Private Data Now.
c) Go back to the Benefits home page and clear the cache again. Leave this page
displayed.
7) Update the Benefits application to use blue fonts.
a) In the gnome terminal session, copy the Blue benefits onto the current Benefits
application by entering:
cp benefits.war.Blue benefits.war
6) Test the application by using the Web browser. Use the URL
http://wls-sysadm:7023/benefits.
f) The changes are all internal to the WAR file, so you do not need to change any
paths. Click Finish.
g) The State is deploy Initializing. During this time, the application is unavailable
(but do not try it). In Change Center, click Activate Changes. State changes to
Active.
8) Verify that the changes have become effective.
a) In the Benefits tab of the browser, clear the cache again, and then select Vacation
or Vision or any of the other pages.
b) You see that they should now say, MedRec Blue. If it still says the wrong color,
the state of the servlet is completely confused, which is why you need to do
versioning in the first place. This can be fixed or avoided by stopping the Benefits
application, deleting it, activating changes, and then installing it fresh, and then
restarting it.
cp benefits.war.Green benefits.war
g) Select benefits and then select Stop > Force Stop Now. Click Yes to stop the Blue
version. State changes to Prepared.
h) Select benefits and click Delete. Click Yes to delete the Blue benefits deployment.
Click Activate Changes.
2) Now deploy the green version of the Benefits application to MedRecSvr2.
a) In Change Center, click Lock & Edit. In the Deployments table, click Install.
b) Select benefits.war (in /home/oracle/wls-sysadm/labs/Lab12,
which is the Green version) and click Next.
c) The Install Application Assistant knows that this is an application (versus a
library), so click Next.
d) Select MedRecSvr2 as the target and click Next.
a) In the gnome terminal session, copy the Blue benefits onto the current Benefits
application by entering:
f) In Change Center, click Activate Changes. Note on the Deployments table that
this is the (Green) version.
g) Select benefits and then select Start > Servicing all requests. Click Yes to start the
deployment.
3) In the Web tab, http://wls-sysadm:7023/benefits should now show Green.
4) Now update the application with the Red version, and this time, you can install the
new version of the application while the previous version is running, and then retire
the older version.
a) In the Linux terminal session, copy the Red (final) benefits onto the current
Benefits application
$> cp benefits.war.Red benefits.war
b) In the Administration Console tab, in Change Center, click Lock & Edit. In
Deployments, click Install.
c) Select benefits.war (which is the Red version) and click Next.
d) The Install Application Assistant knows that this is an application, so click Next.
e) Select MedRecSvr2 as the target and click Next.
e) Note that Archive Version (from the manifest.mf file) displays Green. You
can change it here if you want to. Accept the defaults and click Finish.
g) In Change Center, click Activate Changes. Note that there are now two versions
of the Benefits application: the older Green version (Active) and the newer Red
version (Prepared).
h) Select the benefits (Red) and then select Start > Servicing all requests. Click Yes
to start the deployment. The older Green version changes State from Active to
Retired.
f) Note that Archive Version (from the manifest.mf file) displays Red. Accept
the defaults and click Finish.
Big Picture:
to the data source. The schema you can query against is the MEDREC schema, and the
tables are ADMINISTRATORS, PATIENTS, PHYSICIANS, PRESCRIPTIONS, and
RECORDS. The key tasks are:
Creating JDBC modules (via GUI and WLST)
Deploying JDBC modules
Testing JDBC modules
b.
Transaction Options
c.
Connection Properties
d.
e.
f.
Choices or Values
Name: testSample
JNDI Name: abc.xyz.testSample
Database Type: Oracle
Database Driver: Oracles (Thin XA) for
Instance connections; Versions:
... 11
Look at the other database choices and then click
Next.
Because you selected an XA driver, there is
nothing to do here. Click Next.
Database Name: orcl
Host Name: wls-sysadm
Port: 1521
Database User Name: weblogic
Password and Confirm Password: Welcome1
Click Next.
Click Test Configuration. Messages should say,
Connection test succeeded. Click Finish.
Click testSample.
Navigate to the Configuration > Connection Pool
tab.
a) Sign on to the Administration Console, and in Change Center, click Lock & Edit.
Advanced
i.
Change Center
h.
Choices or Values
Initial Capacity: 5
Maximum Capacity: 25
Capacity Increment: 5
Click Save. Click Advanced.
Test Frequency: 180
Shrink Frequency: 600
Click Save.
Click Activate Changes.
c.
d.
e.
f.
g.
Start Deployments
Choices or Values
Path: /home/oracle/wlssysadm/labs/Lab13
Select testds.war.
Click Next.
Accept the default of Install this
deployment as an application. Click Next.
Select MedRecSvr3. Click Next.
Accept all the defaults. Click Finish.
Click Activate Changes.
Select testds (check box). Click Start and
select Servicing all requests.
Click Yes.
e) In Domain Structure, navigate to MedRecDomain > Services > JDBC > Data
Sources and click testSample.
f) Click the Targets tab.
g) In Change Center, click Lock & Edit.
h) Select MedRecSvr3. Click Save.
i) In Change Center, click Activate Changes.
j) In Domain Structure, navigate to MedRecDomain > Services > JDBC > Data
Sources to view your deployment status in Summary of Data Sources. Note that it
is now associated with MedRecSvr3.
9) In the application, try using the following values (it will fail):
Field Name
Data Source Name
Table Name
Value
testSample
medrec.patients or
medrec.physicians or
medrec.prescriptions
weblogic
Welcome1
Username
Password
Note the error message.
javax.naming.NameNotFoundException: Unable to resolve
'testSample'. Resolved ''; remaining name 'testSample'
10) Click Back in the browser (to save typing) and change the Data Source Name to
abc.xyz.testSample and click Test Data Source. It should work.
11) Click Back in the browser (to save typing) and change the Data Source Name to
ABC.XYZ.testSample and click Test Data Source. It should fail because the
JNDI name is case-sensitive.
12) Click Back in the browser (to save typing) and change the Username to medrec and
password to Welcome1. This is allowed from the databases point of view, but the
testDS application will fail to authenticate medrec. You will get an error message:
Error: User: medrec, failed to be authenticated.
8) Open a new browser window or tab and access the URL http://wlssysadm:7025/testds.
3) Go to a Linux terminal session and make sure that the environment variables are set
by running setWLSEnv.sh. Navigate to ~/wls-sysadm/labs/Lab13.
4) Look at the contents of the createDataSource.py script. You should recognize all
the commands from the screens you just completed for testds. Should you be able to
sit down with a blank editor and write that? Probably not (yet). Should you be able to
modify it to suit your purposes? Probably yes. Should you be able to run a Record
session
to capture those steps from the GUI? Absolutely.
5) You can run the script by entering
java weblogic.WLST createDataSource.py.
6) Verify that the script worked by going back to the Administration Console and
checking that the new data source is there.
a) In the Administration Console, in Domain Structure, navigate to MedRecDomain
> Services > JDBC > Data Sources.
b) Verify that MedRecGlobalDataSourceXA has been recreated.
Right now, you will not have any consumers; you will simply be posting the messages
and getting familiar with monitoring the message statistics in the Administration Console.
c) Navigate to MedRecDomain > Services > Messaging > JMS Modules. Note that a
JMS module has also been created.
b) Navigate to MedRecDomain > Services > Messaging > JMS Servers. You should
see two JMS Servers. These were configured when you extended the domain with
a template.
d) Click Next and target the JMS server to MedRecSvr1. Click Finish.
e) Click Activate Changes and confirm that all changes have been activated.
3) Configure a JMS module and add a queue and a topic to the JMS module according to
the following specifications:
Resource
JMS Module
Parameter
Name
Descriptor File Name
Target
Choices or Values
HRModule
HRModule
MedRecSvr1
HRSubDeployment
HRJMSServer
Queue
Name
JNDI Name
Template
Target
HRQueue
HRQueue
None
HRJMSServer
Topic
Name
JNDI Name
Template
Target
HRTopic
HRTopic
None
HRJMSServer
a) Navigate to MedRecDomain > Services > Messaging > JMS Modules in the
Administration Console. Click Lock & Edit to enable configuring resources.
b) Click New in the JMS Modules table and specify Name: HRModule and
Descriptor File Name: HRModule, and click Next.
c) Select MedRecSvr1 as the target managed server.
c) Click New under the JMS Servers table and specify the following properties:
Name: HRMSServer, and Persistent Store: (none)
h) Click the Configuration tab. In the Summary of Resources table on the Settings
for HRModule page, click New to configure a new JMS queue for the JMS
module.
i) On the Create a New JMS System Module Resource page, under the heading
Choose the type of resource you want to create, select Queue and click Next.
j) In JMS Destination Properties, specify the parametersName: HRQueue, JNDI
Name: HRQueue, Template: Noneand click Next.
k) Select HRSubDeployment from the subdeployments list. Click Finish.
l) In the Summary of Resources table on the Settings for HRModule page, click
New to configure a new JMS topic for the JMS module.
m) On the Create a New JMS System Module Resource page, under the heading
Choose the type of resource you want to create, select Topic. Click Next.
n) In JMS Destination Properties, specify the parametersName: HRTopic, JNDI
Name: HRTopic, Template: None. Click Next.
o) Select HRSubDeployment from the subdeployments list. Click Finish.
g) On the Targets page, select the HRJMSServer as the target under the JMS Servers
table. Click Finish.
4) Deploy the Web application messaging.war, which you use to post messages to
the queue or the topic.
a) Navigate to MedRecDomain > Deployments. Click Lock & Edit.
b) Select Install, navigate to /home/oracle/wls-sysadm/labs/Lab14, and select
messaging.war. Click Next and accept all the defaults and click Next again.
Target the application to MedRecSvr1.
c) Click Next and accept all the defaults. Click Finish. Click Activate Changes.
d) Start the application by selecting the check box against the application name
under the Deployments table. Select Start > Servicing all requests.
e) Click OK to confirm starting the application.
5) Verify that the Web application has deployed correctly by navigating to http://wlssysadm:7021/messaging in a Web browser and posting messages to either the queue
or the topic using the deployed Web application.
a) If not already open, open a new Web browser tab or window and navigate to
http://wls-sysadm:7021/messaging.
b) Using the application, post a few messages to the queue and to the topic. Do not
post any message to the distributed queue.
c) In the Administration Console window or tab, navigate to MedRecDomain >
Services > Messaging > JMS Modules. In the JMS Modules table, click
HRModule. On the Summary of Resources page, click HRQueue, and then click
the Monitoring tab. This will show the number of messages that have been posted
into HRQueue.
p) Activate the changes. You should be able to see JNDI entries on the MedRecSvr1
managed server called HRQueue and HRTopic.
e) At the bottom of the Summary of Messages page, click the Message link in the
table to see the message details.
Note: In the topic (unlike the queue), messages do not appear to be getting stored.
This is because you do not have any durable subscribers registered for this topic.
In this practice, you create a cluster and assign two servers to the cluster. You also make
the preliminary check on the port and status of Oracle HTTP Server. In the next practice,
you configure Oracle HTTP Server to function as the Web tier front end for the cluster.
Choices or Values
MedRecCluster
Unicast (default)
MedRecSvr2 and MedRecSvr3
$> /home/oracle/wls-sysadm/start_adm.sh
e) Click Add, then select an existing server MedRecSvr2, and click Next. Again
click Add and select MedRecSvr3, and then click Finish. Click Activate changes.
2) Start MedRecSvr3. Wait for it to come up. Then start MedRecSvr2. Watch each
server as it tries to synchronize with other servers in the cluster and finally joins the
cluster.
a) Start the MedRecSvr3 server by using the start_mr3.sh shell script in the
/home/oracle/wls-sysadm folder:
b) Watch the server start up in another terminal window. At some point, you should
see it start listening for cluster announcement and waiting to synchronize with
other servers in the cluster. Because the other servers have not started yet, there is
nothing for it to synchronize with yet.
<Notice> <Cluster>
announcements from
<Notice> <Cluster>
with other running
c) Start the MedRecSrv2 server by using the start_mr2.sh shell script in the
/home/oracle/wls-sysadm folder. (You could have started using the
Administration Console, but using the command line, you can see some startup
messages that help understand the startup process of a clustered server.)
d) Watch the MedRecSvr2 server start up in the terminal window. As it is starts, it
will synchronize with MedRecSvr3, which is the other server in the cluster, and
will download the cluster JNDI tree.
<Notice> <Cluster> <BEA-000133> <Waiting to synchronize
with other running members of MedRecCluster.>
<Notice> <Cluster> <BEA-000142> <Trying to download cluster
JNDI tree from server MedRecSvr3.>
<Notice> <Cluster> <BEA-000164> <Synchronized cluster JNDI
tree from server MedRecSvr3.>
f) Navigate to MedRecDomain > Environment > Servers and view the list of
servers. Note that MedRecSvr2 and MedRecSvr3 are now part of the
MedRecCluster.
4) Shut down OHS, and then configure mod_wl_ohs to enable routing requests to
MedRecCluster.
a) View the stop_ohs.sh script in the /home/oracle/wls-sysadm folder and note
the relevant OPMNCTL command that is used to stop OHS and other WebTier
components. Then run the script to stop OHS and the WebTier components. (You
could also use the Stop OHS icon on the desktop to stop OHS.)
b) In a gnome terminal session, change directory to the OHS instance configuration
folder (/u01/app/oracle/instances/config/OHS/ohsa). Copy the
mod_wl_ohs.conf file to mod_wl_ohs.bak16. Then edit
mod_wl_ohs.conf so that it appears as in the following screenshot:
$> cd /u01/app/oracle/instances/config/OHS/ohsa
$> cp mod_wl_ohs.conf mod_wl_ohs.bak16
$> status_ohs.sh
Note: To simplify this task, you can copy the mod_wl_ohs.conf file in the
/home/oracle/wls-sysadm/labs/Lab16 folder to
/u01/app/oracle/instances/config/OHS/ohsa:
$> cp /home/oracle/wls-sysadm/labs/Lab16/mod_wl_ohs.conf
/u01/app/oracle/instances/config/OHS/ohsa
5) Start OHS and verify that you can access the Benefits application through OHS (port
7777).
a) Use the scripts available in the /home/oracle/wls-sysadm folder and start OHS.
$> /home/oracle/wls-sysadm/start_ohs.sh
6) Stop the MedRecSvr2 server, clear the browser cache, and try to access the Benefits
application through OHS. What happens?
a) You will not be able to access the application because even though you have
created a cluster, the application was not targeted to cluster and, therefore, only
MedRecSvr2 was serving requests to the Benefits application.
g) In another Browser window, access the Benefits application through OHS (URL:
http://wls-sysadm:7777/benefits). Note that you are able to access the Benefits
application.
h) Stop the MedRecSvr2 server, clear the browser cache, and try to access the
Benefits application through OHS. You can continue to access the Benefits
application because the application has been targeted to the cluster.
Preferred Secondary
RepGroupB
RepGroupA
Server
MedRecSvr2
MedRecSvr3
a) Change directory to /home/oracle/wls-sysadm/labs/Lab17/InMemory/ShoppingCart and package the Web application into a .war file by
using the jar command:
$>jar cf ./ShoppingCart.war *
(This step has already been done for you and the resultant ShoppingCart.war is
placed in the HOME/wls-sysadm/labs/Lab17/In-Memory folder.)
b) Deploy the ShoppingCart.war application from the
/home/oracle/wls-sysadm/labs/Lab17/In-Memory folder.
d) Activate your changes and start the application to serve all requests.
Oracle WebLogic Server 11g: Administration Essentials A - 94
c) Go back to the home page and view the items in your shopping cart.
e) To simulate a server failure, kill the server instance handling your requests by
entering CTRL-C in the terminal window of that server.
f) Back in the application browser, continue shopping and add something else to your
shopping cart.
g) View the shopping cart. All the items you added to the cart should be in the cart.
h) Check the server consoles to see which server is now handling the request.
i) Restart the server that was killed.
d) Check the gnome terminal session for MedRecSvr2 and MedRecSvr3. You will
notice messages indicating addition of items in the server that is handling the request.
You need to create users and groups in your security realm to enable appropriate
authentication for some applications.
In this case, you:
Create new users using the Administration Console
Create groups of employees and managers
Assign groups to users
Configure groups-to-role mapping
Define resources that are protected by the security you have configured
Verify that it is working
User
John
Joe
Ted
Mary
Albert
Password
Welcome1
Welcome1
Welcome1
Welcome1
Welcome1
Groups
Administrators
employees, managers
employees,
Employees, managers
employees
1) Create two groups in the security realm of your environments. Then create users and
assign users to these groups as per the following table:
f) Click each username in the Users table, on the Settings for myrealm page, and
click the Groups subtab.
e) Then click the Users subtab and click New to create new users. The screen for
creating the user Mary is shown here. Similarly, create other users as stated in the
table at step 1.
New Role:
URL Pattern
Name
Provider Name
Choices or Values
Use roles that are defined in the Administration
Console; use policies that are defined in the
deployment descriptor.
/managers/*
Director
XACMLRoleMapper
Description
Custom Roles
i) In the Standalone Web Application URL Patterns and Roles table, you should
now see the URL pattern created and assigned to the director role.
j) Click director and click Add Conditions. Select Group from the Predicate list and
click Next.
http://wls-sysadm:7021/timeoff
Using keytool to generate an identity keystore that contains a private key and a
self-signed public certificate
Configuring keystores in the Administration Console
Configuring SSL for a managed server
d) Generate a Certificate Signing Request (CSR) using the key you have created. (You
can use certreq.sh instead of entering the keytool command.)
$> keytool certreq v alias MRkey file MR_cert_request.pem
-keypass MRkeypass storepass MRstorepass
-keystore MR_identity.jks
Choices or Values
Custom Identity and Java Standard Trust
MR_identity.jks
JKS
MRstorepass
changeit
a) In your gnome terminal session, ensure that JAVA_HOME and the related
environment variables have been set. (If they have not been set, run the
setWLSEnv.sh script.)
d) Select the check box next to SSL Listen Port Enabled and set the SSL Listen Port as
7022. Then click Save.
e) Click Activate Changes. Then stop the MedRecSvr1 server.
f) Start the MedRecSvr1 server using the desktop icon or the script.
g) In another browser window or tab, access the URL: https://wls-sysadm:7022/timeoff.
You may receive an error or warning.
c) Navigate to MRDomain > Environment > Servers > MedRecSvr1 > Configuration >
General.
j) Click Confirm Security Exception. In this box, you can also make this exception
permanent by selecting the Permanently store this exception check box.
Big Picture:
1) Stop all the servers using any method you have learned. For example, you could
change directory to
/u01/app/oracle/user_projects/domains/MedRecDomain/bin/
and run ./stopManagedWebLogic.sh MedRecSvr1 to stop MedRecSvr1.
Similarly, stop MedRecSvr2 and MedRecSvr3.
To stop the administration server, run ./stopWebLogic.sh.
2) Switch to the root user. As root, go to the root (/) directory and run the tar
command as follows:
tar -czpvf /projects.tar /u01/app/oracle/user_projects/*
You really want to test it now, so that there are no problems later.
4) Restart the administration server to make sure that it is functioning properly.
In this practice, you stop all middleware processes and take a cold backup of the
user_projects directory. In real life, you would back up the fmw directory and the
database as well. A backup of the fmw directory is the same process except that it takes
five times longer and does not demonstrate anything that you will not see on the shorter
directory. A backup of the database is longer still and involves a tool called RMAN. The
DBA usually handles that process (in fact, it is usually automatic). So in this lab, you will
not back up the database.
This ensures that nothing is left as a zombie (a process that wont be killed properly).
3) As root, from the root directory, restore the configuration files. Even though you
lost only part of /user_projects, restore the whole TAR file because there may be
interdependencies. Enter tar -zxvpf /projects.tar.
4) Restart the administration server to ensure that it is functioning properly.
<JVM called WLS shutdown hook. The server will force shutdown
now> <Server shutdown has been requested by <WLS Kernel>>
Glossary
ACID
ACK
AsyncRep
API
BPEL
CA
CGI
CLI
CLV
CSR
CSS
CMO
COM
CORBA
DBA
DCOM
DD
DDL
DMZ
DNS
DoS
DSA
DTD
EAR
EE
EJB
FIFO
FMW
GMD
GUI
HTML
HTTP
IIOP
IIS
Glossary/Acronyms
JDK
JKS
JMS
JMX
JNDI
JPA
JPS
JRF
JRMP
JSSE
JSP
JavaServer Pages
JSR
JTA
JVM
JWS
LDAP
LDIF
LVC
MIME
MSI
NES
NIC
O/R
OAAM
J2SDK
JAAS
JACC
JAR
Java EE
Java SE 6
JAX-WS
JAZN
JCA
JCE
jCOM
JDBC
T3S
OASIS
ODBC
OHS
OID
OOTB
OPMN
OPSS
ORB
OS
OTN
PAM
PKI
PTP
QoS
RAC
RAR
RBAC
RCU
RMAN
RMI
RSH
SAF
SAML
SDK
SHA
SLA
SNMP
SOA
SOAP
SQL
SSH
SSL
SSPI
T3
Tape Archive
Transmission Control Protocol
Transport Layer Security
time-to-live
Uniform Resource Locator
Virtual Machine
Wide Area Network
Web Archive
WebLogic Diagnostics Framework
WebLogic Server
WebLogic Scripting Tool
Web Services Interoperability Technologies
X/Open Distributed Transaction Processing (part of two-phase commit)
eXtensible Access Control Markup Language
Extensible Markup Language
TAR
TCP
TLS
TTL
URL
VM
WAN
WAR
WLDF
WLS
WLST
WSIT
XA
XACML
XML
Index
A
Apache 1-10, 5-5, 5-15, 9-2, 9-10-11, 10-43, 15-15, 15-21, 15-25, 17-15, 20-5
API 2-7, 2-13-14, 2-18-19, 2-22, 6-14, 9-8, 9-11, 11-18, 12-30, 13-4, 13-7, 14-11, 15-5,
16-9
autodeploy 4-34, 10-2, 10-9, 10-11, 10-18, 10-29, 10-30, 10-48
B
Backup 18-31, 18-32, 20-1, 20-3, 20-7-8, 20-11, 20-13-14, 20-18, I-7
BEA 3-18, 3-19, 3-20-21, 3-23, 4-42-43, 5-9, 5-14, 7-8, 9-13-14, 9-17
CA 18-9, 18-10, 19-5, 19-8, 19-10, 19-12, 19-14, 19-18
cache 2-25, 4-27, 4-46, 8-16, 8-18, 11-21, 11-22, 11-23, 11-31, 11-32,
17-20, 17-40, 18-32, 19-32, 20-5
CCI 2-22
cluster 2-26, 4-5-9, 4-16-19, 4-31, 6-11, 6-16, 6-33, 6-35, 7-8, 7-14-15, 7-18, 7-31,
8-7-8, 8-41, 9-17, 9-23-26, 10-4, 10-10, 10-13, 10-43, 12-4, 13-22, 13-24, 14-18,
14-20-21, 14-23-24, 14-29, 14-38, 15-3-4, 15-2-9, 15-11, 15-13-24, 15-26-39, 16-122, 16-24-27, 17-2-16, 17-18-19, 17-24, 17-26-29, 17-31-34, 17-37-40, 17-45-46,
19-32, 20-4, 20-7, 20-11, 20-25, I-4-5
clusters 4-11, 4-14, 6-5, 8-5, 8-7-8, 9-23, 12-15, 13-12
Coherence 3-5, 14-36
Commons 9-5, 9-8, 9-11
context root 10-19, 11-9
CORBA 2-18
D
DMZ 10-35, 15-16, 15-20, 15-22
DNS 2-14, 4-9, 4-17, 7-4, 7-19, 8-10, 8-13, 11-13, 13-18, 15-20, 16-4, 16-6-7, 16-12,
17-33
DTDs 11-32
E
EAR 4-34, 11-7, 11-27, 11-32, 11-33-35, 12-26-27, 12-36, 14-19-21, 18-26
Eclipse 2-9, 12-8, 12-22
EIS 2-22
EJB 2-12, 2-14, 2-23, 2-30, 3-5, 4-17, 4-34, 11-3, 11-10, 11-17-31, 11-33-35, 11-38,
12-4, 12-27, 12-30, 15-3-6, 15-8-11, 15-17, 15-19, 15-34, 15-38, 16-7, 17-2-3,
17-8, 17-26, 17-31, 17-32-37, 17-39-40, 18-14-15, 18-23, 18-26-27, 19-7, I-3
extend 1-8-9, 4-10, 4-12, 4-21, 5-4-5, 5-7, 5-12, 5-17, 6-23, 6-26, 20-22
F
FMW 1-10, 4-11, 7-24
G
GUI 3-2-4, 3-6, 3-13-14, 4-5, 5-6, 7-7, 13-36, I-5
heartbeat 15-29, 15-31, 16-20, 20-23
HTML 1-8, 2-8, 2-9, 2-10, 2-11, 2-24, 3-23, 3-24, 6-9, 10-35, 10-38, 10-40, 10-41, 11-4,
11-5, 11-26, 15-16, 18-34, 18-35
HTTP 1-10, 1-12, 2-7, 2-8, 2-23, 2-24, 2-26, 2-30, 3-22, 4-11, 4-15, 4-18, 4-19, 4-45,
5-15, 6-6, 6-8, 7-14, 8-7, 9-4, 9-6, 9-10, 10-34-40, 10-42, 11-4, 11-11, 11-13-14,
11-31, 11-41, 12-25, 12-27, 12-30, 15-3-4, 15-6-8, 15-15-16, 15-18-19, 15-21-27,
15-34, 16-2, 16-4, 16-17, 16-22, 16-23-24, 16-27, 17-2-3, 17-8-13, 17-15-16,
17-18-19, 17-23, 17-26-31, 17-44, 18-27, 19-6, 19-24, 19-27-28, 19-30, 20-4-6,
20-12-13, 20-16, 20-32-33, I-4
I
IIOP 2-7, 2-23, 19-24
J
JAAS 2-20, 18-6
Jakarta 9-11
JAR 2-11, 3-15, 3-16, 3-17, 3-22, 4-33-34, 4-38-39, 5-4, 5-8, 5-12, 6-16, 6-26, 6-32,
7-25, 10-6, 10-31, 10-47, 11-6, 11-8, 11-27, 11-33-34, 18-26, 20-15, I-2
JCA 2-22, 4-38, 12-26, 12-30
JCP 2-6
JDBC 1-8, 2-7, 2-13-14, 2-17, 2-21-22, 3-16-17, 4-11-12, 4-14, 4-20-25, 5-5, 5-13, 7-21,
9-4, 9-6, 10-5, 10-22, 11-26, 11-28-29, 11-32, 12-5, 12-26, 12-30, 13-1-7, 13-9-14,
13-16-20, 13-22, 13-24, 13-26-27, 13-29-30, 13-32, 13-35-36, 14-7, 14-9, 14-16,
14-36-37, 14-39-40, 15-4, 15-6, 15-15-16, 17-2, 17-9, 17-16, 17-18-23, 17-44-45,
18-30, 20-12, I-7
JDeveloper 0-6, 2-9, 5-2, 5-11, 5-12, 5-21, 12-8, 12-22, 18-5
JMS 2-7, 2-14, 2-19, 3-5, 4-11-12, 4-14, 4-21, 4-26-27, 4-31, 5-5, 5-13, 7-21, 9-4, 9-6,
9-19, 10-5, 10-22, 11-26, 11-28-29, 11-32, 12-26, 12-30, 12-39, 14-1-4, 14-7-33,
14-35-42, 14-44-53, 15-4, 15-6, 15-15, 15-33, 18-26, 18-30, 19-26, 20-4-5, I-3, I-7
JMX 2-21, 4-7, 6-3, 6-14, 6-17, 6-18, 6-26, 6-35, 6-36, 6-39,
6-44, 8-14, 10-31, 16-9
JNDI 2-7, 2-14, 2-15, 2-16, 2-17, 4-22, 11-21, 11-23, 12-4, 12-30, 13-2, 13-5, 13-12,
13-15-16, 13-23-24, 13-34, 14-9-10, 14-22-24, 14-26, 14-30, 14-42, 15-29, 15-31,
15-35-36, 16-20, 18-23, 19-7
JPA 2-13, 11-18, 11-20
JRMP 2-23
JSTL 2-10
JTA 2-18, 14-11, 14-23, 15-5
JTS 2-18, 9-4, 12-30
JWS 11-14
Jython 1-9, 5-13, 6-22-25, 6-30, 10-26
L
LDAP 2-14, 4-29, 4-51, 6-16, 11-15, 13-34, 18-5, 18-12, 18-26, 18-31-33, 20-11-12
log4j 4-38, 4-39, 9-2, 9-8, 9-11
M
MBean 1-9, 6-27, 6-35-36, 6-39, 7-5-6, 7-14, 8-9, 9-7, 10-32, 13-24, 16-19, 17-30
MIME 2-8, 10-36, 10-38, 11-10-11, A-10
MSI 7-2, 7-3, 7-23, 7-26-29, 7-35-36, 8-5, 8-18, 20-23, 20-31
multicast 4-16, 4-17, 9-25-26, 15-29-33, 15-35-36, 16-4, 16-6, 16-10-11, 16-13, 16-20,
16-25
N
NIC 9-26, 9-27
O
ODBC 13-4
OHS 1-10, 1-12, 2-26, 5-15, 10-42, 10-43-44, 15-25-26, 16-22-24, 20-6, 20-13, 20-16
OID 1-11, 1-12
OPMN 1-9, 1-12, 4-45, 10-44, 16-23, 20-5, 20-13, 20-26
opmnctl 10-44, 16-23, 16-24, 20-16, 20-21, 20-26
OPSS 18-5
P
PAM 2-20
plug-in 2-26, 10-43, 15-3-4, 15-7, 15-21, 15-23-26, 17-9-10, 17-12-13, 17-15
Plug-In 15-23
proxy 1-10, 2-25-27, 3-16-17, 4-11, 4-18-19, 6-6, 10-43, 15-3-4, 15-7, 15-13, 15-16,
15-21-25, 15-27, 16-4-5, 16-17, 16-22, 17-9-10, 17-12-13, 17-15-16, 17-18, 19-6
R
RAC 13-9, 13-18, 20-11
RAR 2-22, 4-34, 11-25, 11-27, 12-30
RCU 5-15, 5-16, 5-17, 20-4, 20-5
Recovery 14-7, 20-1, 20-3, 20-5, 20-7, 20-8, 20-18, 20-20-23, 20-25, I-7
reverse proxy 1-10, 2-25
RMAN 0-6, 20-5, 20-10, 20-11, 20-19
RMI 2-7, 2-14, 2-23, 4-7, 12-25, 12-30, 15-4, 15-6, 15-9-10, 15-34, 15-36, 17-40
SAML 4-30
SCSI 20-7
setDomainEnv 3-20, 3-21, 4-39, 4-42, 4-43, 5-10, 6-29, 7-8-9, 7-33
SOA 1-3, 1-4, 1-5, 1-7, 1-11, 1-12, 5-2, 5-11, 5-12, 5-15-17, 5-21, 18-5, 20-4-6, 20-11
SOAP 1-3, 2-23, 2-24, 11-14
SSL 4-9, 4-11, 4-15, 6-6, 6-27, 6-29, 6-34, 6-36, 7-4, 7-7, 7-15, 7-19, 8-13, 8-21, 8-23,
8-29, 8-34, 9-26, 10-23, 10-40, 17-15, 18-9-10, 18-34, 19-2-8, 19-10, 19-14-15,
19-18-21, 19-24, 19-34, 19-37, 19-38
T
tar 10-5, 20-10, 20-13, 20-14, 20-16, 20-19, 20-21, 20-22
template 0-9, 1-12, 3-16, 4-10-12, 4-20-21, 4-24-25, 4-32, 4-42, 4-44, 4-53, 5-2-8,
5-11-14, 5-19-22, 6-26, 6-28, 6-32-33, 7-24-25, 12-6, 12-8, 12-11, 14-26
U
unicast 4-16, 15-29, 15-30, 15-33, 15-35, 15-36, 16-10, 16-20, 16-25,
17-41
URL 4-15, 4-22, 4-24, 7-4, 7-11, 10-2, 10-41, 11-11, 11-12, 11-13,
11-16, 12-34, 13-5, 13-13, 13-20, 13-25, 13-26, 15-24, 16-7, 17-12, 18-15,
18-29, 19-6, 19-7
W
WAR 2-11, 4-34, 11-4, 11-5, 11-7, 11-8, 11-27, 11-34, 11-35, 12-27,
12-30
Web Cache 1-10, 1-12, 4-45, 5-15, 15-25, 20-4-6, 20-13, 20-16, 20-17, 20-26, 20-32
WLDF 6-8, 7-20, 7-21, 9-25, 10-22
8-5, 8-9, 8-14-15, 8-39, 8-40, 8-44, 9-5, 9-13, 10-2, 10-8-9, 10-25-27, 10-32, 10-48,
12-6, 12-39, 13-6, 13-16, 13-24, 13-36, 14-19, 16-8, 16-9, 16-18, 18-36, 20-25, I-6
X
XA 4-23, 13-9, 13-16, 13-17, 14-22, 14-23
XML 1-3, 1-8, 2-24, 3-4, 3-16, 3-17, 4-8, 5-14, 6-16-18, 6-20-21, 6-32, 6-35, 9-5, 9-11,
11-4, 11-6, 11-7, 11-18, 11-21, 11-29, 11-32, 12-4, 12-37, 13-6, 13-14, 14-9, 14-2021, 20-12, I-3
Z
zip 10-5, 11-25
W
WLS 1-5, 2-6, 2-18, 2-23, 3-7, 3-9-10, 3-23, 4-2, 4-44, 5-15, 6-12, 6-14, 6-23, 6-26, 631, 6-33, 7-21, 7-24, 7-31-32, 8-4, 8-10, 8-13, 8-21, 9-1-2, 9-11, 9-13-14, 9-16, 926, 9-29-30, 10-8, 10-32, 10-36, 10-43, 11-6, 11-18, 11-20, 11-28, 11-32, 12-18,
12-27, 12-33, 12-36, 13-9, 13-14, 13-25, 14-9, 14-10, 14-13, 14-15-16, 14-22, 1524, 15-26-27, 17-14, 17-15, 17-26-27, 17-30, 17-34, 17-37, 17-39, 18-2-3, 18-5-8,
18-11, 18-13, 18-16-17, 18-19, 18-23, 18-28, 18-31, 18-36, 18-38, 18-40, 18-41,
19-2, 19-6-7, 19-13, 19-15-17, 19-19, 19-23-24, 19-37, I-7
WLST 1-9, 3-16, 4-2, 4-10, 4-38, 4-40, 4-41, 5-4-7, 5-13, 5-20, 6-1, 6-3, 6-14, 6-18, 622-23, 6-25-32, 6-34, 6-36-37, 6-39, 6-43-45, 7-2, 7-4-7, 7-14-15, 7-34, 8-2,